7.3
CVE-2020-14350
- EPSS 0.03%
- Published 24.08.2020 13:15:10
- Last modified 21.11.2024 05:03:04
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 9.5 < 9.5.23
Postgresql ≫ Postgresql Version >= 9.6 < 9.6.19
Postgresql ≫ Postgresql Version >= 10.0 < 10.14
Postgresql ≫ Postgresql Version >= 11.0 < 11.9
Postgresql ≫ Postgresql Version >= 12.0 < 12.4
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.076 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.