CVE-2020-25695

State: PUBLISHED · Published: 2020-11-16 · Updated: 2024-08-04 · Assigner: redhat

Description

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CWE

CWE-89 — CWE-89

Affected

n/a / postgresql — v=All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24 [affected]

CVSS

(none)

References

https://www.postgresql.org/support/security/ x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1894425 x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201202-0003/ x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202012-07 vendor-advisory, x_refsource_GENTOO

Source

cvelistV5-main/cves/2020/25xxx/CVE-2020-25695.json