CVE-2023-23554

EPSS 0.1%
Veröffentlicht 07.03.2023 01:15:10
Zuletzt bearbeitet 06.03.2025 17:15:16
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sraoss ≫ Pg Ivm SwPlatformpostgresql Version < 1.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.282

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://github.com/sraoss/pg_ivm

Product

https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1

Release Notes

https://jvn.jp/en/jp/JVN19872280/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-23554

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23554

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23554

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-23554