Untrusted search path in postgresql (Alpine package)

This security advisory describes one medium risk vulnerability.


1) Untrusted search path


Risk: Medium


CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-14350


CWE-ID: CWE-426 - Untrusted Search Path


Exploit availability: No


Description

The vulnerability allows a remote user to escalate privileges within the database.


The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.
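
An audit query for the condition described above, added here as an example and not part of the original advisory. It lists non-superuser roles that hold CREATE on a schema containing an installed extension, then the schemas where CREATE is granted to PUBLIC. It uses only the standard PostgreSQL catalogs and functions named in the comments, and must be run in each database separately.

```sql
-- Added example (not from the advisory): find roles able to create objects
-- in schemas that installed extensions live in. Those are the schemas a
-- later CREATE EXTENSION may use as its own or as a prerequisite's schema.

-- 1) Non-superuser roles with CREATE on an extension's schema.
--    has_schema_privilege() accounts for direct grants, role membership
--    and grants to PUBLIC.
SELECT e.extname  AS extension,
       n.nspname  AS extension_schema,
       r.rolname  AS role_with_create
FROM   pg_extension e
JOIN   pg_namespace n ON n.oid = e.extnamespace
CROSS  JOIN pg_roles r
WHERE  NOT r.rolsuper
AND    has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER  BY e.extname, r.rolname;

-- 2) Schemas where CREATE is granted to PUBLIC (grantee OID 0), i.e.
--    every role in the database can create objects there.
SELECT n.nspname AS schema_name
FROM   pg_namespace n,
       LATERAL aclexplode(n.nspacl) AS a
WHERE  a.grantee = 0
AND    a.privilege_type = 'CREATE'
ORDER  BY n.nspname;

-- Hardening step to consider for any schema reported by query 2
-- (assumption: no application depends on PUBLIC creating objects there):
-- REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Rows from the first query identify roles that meet the precondition in the description; an empty result means only superusers can create objects in extension schemas in that database.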


Mitigation

Install the update from the vendor's website.


Vulnerable software versions

postgresql (Alpine package)

Alpine Linux 3.10: 11.9-r0, 12.4-r0, 11.5-r1, 11.5-r2, 11.4-r1, 11.5-r0, 11.4-r0, 12.2-r0, 12.1-r0, 11.6-r0, 11.7-r0

Alpine Linux 3.11: 12.4-r0, 12.1-r1, 12.2-r1, 12.2-r2, 12.2-r3, 12.3-r0, 12.3-r2, 12.3-r1, 12.1-r2, 12.1-r0, 12.2-r0

Alpine Linux 3.9: 11.9-r0, 11.3-r1, 11.5-r1, 11.2-r1, 11.2-r0, 11.3-r2, 11.3-r0, 11.5-r0, 11.4-r0, 11.6-r0, 11.7-r0

Alpine Linux 3.8: 11.9-r0, 10.8-r0, 10.9-r0, 10.10-r0, 10.5-r0, 10.4-r0, 11.1-r0, 11.2-r0, 11.3-r0, 11.5-r0, 11.4-r0, 11.7-r0, 11.6-r0, 10.12-r0

Alpine Linux 3.7: 10.2-r0, 10.3-r1, 10.3-r0, 10.5-r0, 10.4-r0, 10.7-r0, 10.8-r0, 10.9-r0, 10.12-r0, 10.10-r0

Alpine Linux 3.5: 9.6.13-r0, 9.6.12-r0, 9.6.2-r4, 9.6.2-r0, 9.6.4-r0, 9.6.3-r0, 9.6.5-r0, 9.6.6-r0, 9.6.7-r0, 9.6.8-r0, 9.6.9-r0, 9.6.10-r0

Alpine Linux 3.6: 9.6.4-r0, 9.6.3-r0, 9.6.5-r0, 9.6.6-r0, 10.2-r0, 9.6.7-r0, 10.3 ..
