Vulnerability CVE-2022-1552: Information

Description

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Aug. 31, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-459

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| postgresql10 | p10 | 10.21-alt1 | 10.23-alt1.p10.1 | ALT-PU-2022-1860-1 | 299787 | Fixed |
| postgresql10 | p10_e2k | 10.22-alt1.E2K.1 | 10.23-alt1.p10.1 | ALT-PU-2022-6185-1 | - | Fixed |
| postgresql10 | p9 | 10.21-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2022-1888-1 | 299776 | Fixed |
| postgresql10 | c10f1 | 10.21-alt1 | 10.23-alt1 | ALT-PU-2022-1860-1 | 299787 | Fixed |
| postgresql10 | c9f2 | 10.23-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2023-6631-3 | 332751 | Fixed |
| postgresql11 | p10 | 11.16-alt1 | 11.22-alt0.p10.1 | ALT-PU-2022-1861-1 | 299787 | Fixed |
| postgresql11 | p10_e2k | 11.17-alt1.E2K.1 | 11.22-alt0.p10.1 | ALT-PU-2022-6186-1 | - | Fixed |
| postgresql11 | p9 | 11.16-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2022-1889-1 | 299776 | Fixed |
| postgresql11 | c10f1 | 11.16-alt1 | 11.22-alt0.p10.1 | ALT-PU-2022-1861-1 | 299787 | Fixed |
| postgresql11 | c9f2 | 11.21-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2023-6628-3 | 332751 | Fixed |
| postgresql12 | sisyphus | 12.11-alt1 | 12.19-alt3 | ALT-PU-2022-1841-1 | 299761 | Fixed |
| postgresql12 | sisyphus_e2k | 12.12-alt1.E2K.1 | 12.19-alt3 | ALT-PU-2022-6169-1 | - | Fixed |
| postgresql12 | sisyphus_riscv64 | 12.11-alt1 | 12.19-alt3 | ALT-PU-2022-4926-1 | - | Fixed |
| postgresql12 | p10 | 12.11-alt1 | 12.19-alt0.p10.1 | ALT-PU-2022-1862-1 | 299787 | Fixed |
| postgresql12 | p10_e2k | 12.12-alt1.E2K.1 | 12.19-alt0.p10.1 | ALT-PU-2022-6187-1 | - | Fixed |
| postgresql12 | p9 | 12.11-alt0.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2022-1887-1 | 299776 | Fixed |
| postgresql12 | c10f1 | 12.11-alt1 | 12.19-alt0.p10.1 | ALT-PU-2022-1862-1 | 299787 | Fixed |
| postgresql12 | c9f2 | 12.16-alt0.M90P.1 | 12.18-alt0.c9f2.1 | ALT-PU-2023-6630-3 | 332751 | Fixed |
| postgresql12 | p11 | 12.11-alt1 | 12.19-alt3 | ALT-PU-2022-1841-1 | 299761 | Fixed |
| postgresql12-1C | p9 | 12.11-alt0.M90P.1 | 12.19-alt0.M90P.1 | ALT-PU-2022-1890-1 | 299776 | Fixed |
| postgresql12-1C | c9f2 | 12.15-alt0.M90P.1 | 12.17-alt0.c9f2.2 | ALT-PU-2023-6629-3 | 332751 | Fixed |
| postgresql13 | sisyphus | 13.7-alt1 | 13.15-alt3 | ALT-PU-2022-1842-1 | 299761 | Fixed |
| postgresql13 | sisyphus_e2k | 13.8-alt1.E2K.1 | 13.15-alt3 | ALT-PU-2022-6170-1 | - | Fixed |
| postgresql13 | sisyphus_riscv64 | 13.7-alt1 | 13.15-alt3 | ALT-PU-2022-4927-1 | - | Fixed |
| postgresql13 | p10 | 13.7-alt1 | 13.15-alt0.p10.1 | ALT-PU-2022-1863-1 | 299787 | Fixed |
| postgresql13 | p10_e2k | 13.8-alt1.E2K.1 | 13.15-alt0.p10.1 | ALT-PU-2022-6188-1 | - | Fixed |
| postgresql13 | c10f1 | 13.7-alt1 | 13.15-alt0.p10.1 | ALT-PU-2022-1863-1 | 299787 | Fixed |
| postgresql13 | p11 | 13.7-alt1 | 13.15-alt3 | ALT-PU-2022-1842-1 | 299761 | Fixed |
| postgresql14 | sisyphus | 14.3-alt1 | 14.12-alt3 | ALT-PU-2022-1838-1 | 299761 | Fixed |
| postgresql14 | sisyphus_e2k | 14.5-alt1.E2K.1 | 14.12-alt3 | ALT-PU-2022-6171-1 | - | Fixed |
| postgresql14 | sisyphus_riscv64 | 14.3-alt1 | 14.12-alt3 | ALT-PU-2022-4924-1 | - | Fixed |
| postgresql14 | p10 | 14.3-alt1 | 14.12-alt0.p10.1 | ALT-PU-2022-1859-1 | 299787 | Fixed |
| postgresql14 | p10_e2k | 14.5-alt1.E2K.1 | 14.12-alt0.p10.1 | ALT-PU-2022-6189-1 | - | Fixed |
| postgresql14 | c10f1 | 14.3-alt1 | 14.12-alt0.p10.1 | ALT-PU-2022-1859-1 | 299787 | Fixed |
| postgresql14 | p11 | 14.3-alt1 | 14.12-alt3 | ALT-PU-2022-1838-1 | 299761 | Fixed |
| postgresql14-1C | p10 | 14.3-alt1 | 14.7-alt2 | ALT-PU-2022-1843-1 | 299761 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      | CPE | Start including | End excluding |
      |---|---|---|
      | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | 14.0 | 14.3 |
      | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | 13.0 | 13.7 |
      | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | 12.0 | 12.11 |
      | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | 11.0 | 11.16 |
      | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | 10.0 | 10.21 |