ID de Prueba:	1.3.6.1.4.1.25623.1.0.148120
Categoría:	Privilege escalation
Título:	PostgreSQL 10.x < 10.21, 11.x < 11.16, 12.x < 12.11, 13.x < 13.7, 14.x < 14.3 Privilege Escalation Vulnerability - Linux
Resumen:	PostgreSQL is prone to a privilege escalation vulnerability.
Descripción:	Summary: PostgreSQL is prone to a privilege escalation vulnerability. Vulnerability Insight: Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. Vulnerability Impact: An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity. Affected Software/OS: PostgreSQL version 10.x, 11.x, 12.x, 13.x and 14.x. Solution: Update to version 10.21, 11.16, 12.11, 13.7, 14.3 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1552 https://security.gentoo.org/glsa/202211-04 https://access.redhat.com/security/cve/CVE-2022-1552 https://bugzilla.redhat.com/show_bug.cgi?id=2081126 https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ https://www.postgresql.org/support/security/CVE-2022-1552/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.