CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
Autovacuum, REINDEX
, CREATE INDEX
, REFRESH MATERIALIZED VIEW
, CLUSTER
, and pg_amcheck
made incomplete efforts to operate safely when a privileged user is maintaining another user’s objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.
While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum, not manually running the above commands, and not restoring from output of the pg_dump
command. Performance may degrade quickly under this workaround. VACUUM
is safe, and all commands are fine when a trusted user owns the target object.
The PostgreSQL project thanks Alexander Lakhin for reporting this problem.
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | * | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |