Lucene search

K
cve[email protected]CVE-2020-14349
HistoryAug 24, 2020 - 1:15 p.m.

CVE-2020-14349

2020-08-2413:15:10
CWE-427
CWE-89
web.nvd.nist.gov
329
2
postgresql
sql injection
cve-2020-14349
nvd

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

Affected configurations

Vulners
NVD
Node
postgresqlpostgresqlRange12.4
OR
postgresqlpostgresqlRange11.9
OR
postgresqlpostgresqlRange10.14
VendorProductVersionCPE
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "PostgreSQL",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PostgreSQL versions before 12.4, before 11.9 and before 10.14"
      }
    ]
  }
]

Social References

More

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%