Veracode Vulnerability DatabaseVERACODE:40813Arbitrary Code Execution
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.9%
postgresql is vulnerable to Arbitrary Code Execution. The vulnerability is available within the ‘CREATE SCHEMA’ statement and can be used by a malicious attacker with database-level ‘CREATE’ privilege to bypass the protective ‘search_path’ changes and execute arbitrary code as the bootstrap superuser.
References
access.redhat.com/security/cve/CVE-2023-2454
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/community.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/community.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/community.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/community.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.netapp.com/advisory/ntap-20230706-0006/
www.postgresql.org/support/security/CVE-2023-2454/
Related
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.9%