Test ID: 1.3.6.1.4.1.25623.1.0.144707
Category: Databases
Title: PostgreSQL 10.x < 10.14, 11.x < 11.9, 12.x < 12.4 Search Path Vulnerability (Linux)
Summary: PostgreSQL is prone to an uncontrolled search path element vulnerability in logical replication.
Description:
Summary:
PostgreSQL is prone to an uncontrolled search path element vulnerability in
logical replication.

Vulnerability Impact:
The PostgreSQL search_path setting determines schemas searched for tables,
functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize
search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher
or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL
functions under the identity running replication, often a superuser. Installations having adopted a documented
secure schema usage pattern are not vulnerable.

Affected Software/OS:
PostgreSQL versions 10.x prior to 10.14, 11.x prior to 11.9 and 12.x
prior to 12.4.

Solution:
Update to version 10.14, 11.9, 12.4 or later.
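
The affected ranges above can be checked against the output of version(), SHOW server_version or SHOW server_version_num. The following is an added example, not the code of the test described in this entry; the function names parse_version and check_cve_2020_14349 are hypothetical and the sample strings are constructed.

```python
import re

# Affected major branch -> first fixed minor release, as listed in this entry.
FIXED_MINOR = {10: 14, 11: 9, 12: 4}

_DOTTED = re.compile(r"(?:^|PostgreSQL\s+)(\d+)\.(\d+)(?:\.\d+)?")


def parse_version(raw):
    """Return (major, minor) from version(), server_version or server_version_num."""
    text = str(raw).strip()
    if re.fullmatch(r"\d{5,6}", text):
        num = int(text)
        if num >= 100000:
            # PostgreSQL 10+: server_version_num = major * 10000 + minor
            return num // 10000, num % 10000
        # Pre-10 numbering (e.g. 90618 = 9.6.18): report the 9.6 branch
        return num // 10000, (num // 100) % 100
    match = _DOTTED.search(text)
    if not match:
        raise ValueError(f"unrecognised PostgreSQL version: {raw!r}")
    return int(match.group(1)), int(match.group(2))


def check_cve_2020_14349(raw):
    """Version-only check; it cannot see whether the secure schema usage
    pattern mentioned in this entry is in place."""
    major, minor = parse_version(raw)
    fixed = FIXED_MINOR.get(major)
    affected = fixed is not None and minor < fixed
    return {
        "version": f"{major}.{minor}",
        "affected": affected,
        "fixed_in": f"{major}.{fixed}" if affected else None,
    }


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = [
        "PostgreSQL 11.8 on x86_64-pc-linux-gnu, compiled by gcc, 64-bit",
        "12.3 (Debian 12.3-1.pgdg100+1)",
        "100014",
        "9.6.18",
    ]
    for sample in samples:
        print(sample, "->", check_cve_2020_14349(sample))
```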

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-14349
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
