SB2020111702 - Red Hat Software Collections update for rh-postgresql12-postgresql
Published: November 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper Authorization (CVE-ID: CVE-2020-1720)
The vulnerability allows a remote attacker to perform unauthorized modification of data in database.
The vulnerability exists due to the ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
checks, which can allow an unprivileged user to drop any function, procedure,
materialized view, index, or trigger under certain conditions. This attack is
possible if an administrator has installed an extension and an unprivileged
user can CREATE, or an extension owner either executes DROP EXTENSION
predictably or can be convinced to execute DROP EXTENSION.
2) Untrusted search path (CVE-ID: CVE-2020-14349)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles search_path during replications. Users of a
replication publisher or subscriber database can create objects in the public
schema and harness them to execute arbitrary SQL functions under the identity
running replication, often a superuser.
3) Untrusted search path (CVE-ID: CVE-2020-14350)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema
or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.
Remediation
Install update from vendor's website.