It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw, in an attack similar to CVE-2018-1058, to execute arbitrary SQL commands in the context of the user used for replication.

Name | Operator | Version
---|---|---
leap | eq | 15.1
leap | eq | 15.2
postgresql | ge | 10.0
postgresql | lt | 10.14
postgresql | ge | 11.0
postgresql | lt | 11.9
postgresql | ge | 12.0
postgresql | lt | 12.4

lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html
bugzilla.redhat.com/show_bug.cgi?id=1865744
security.gentoo.org/glsa/202008-13
security.netapp.com/advisory/ntap-20200918-0002/
usn.ubuntu.com/4472-1/