CVE-2022-1552
Published 2022-08-31
Priority: P264, high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 11.73% (95.5th percentile)
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postgresql-13 | < postgresql-13 13.7-0+deb11u1 (bullseye) | postgresql-13 13.7-0+deb11u1 (bullseye) |
| msrc | cbl2_postgresql_14.5-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_postgresql_12.12-1_on_cbl_mariner_1.0 | — | — |
| postgresql | postgresql | — | — |
| postgresql | postgresql | >= 10.0 < 10.21 | 10.21 |
| postgresql | postgresql | >= 11.0 < 11.16 | 11.16 |
| postgresql | postgresql | >= 12.0 < 12.11 | 12.11 |
| postgresql | postgresql | >= 13.0 < 13.7 | 13.7 |
| postgresql | postgresql | >= 14.0 < 14.3 | 14.3 |
Detection & IOCs
- Attacker must have permission to create non-temporary objects in at least one schema to exploit this privilege escalation to superuser.
- Monitor for unexpected execution of SQL functions or OS commands under a superuser (postgres) identity, especially when triggered by maintenance commands: Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, or pg_amcheck.
- Audit PostgreSQL logs for non-superuser accounts creating objects in shared schemas, followed by invocation of maintenance commands (REINDEX, CLUSTER, CREATE INDEX, REFRESH MATERIALIZED VIEW, pg_amcheck) that could trigger the privilege escalation.
- The vulnerability is exploitable locally (scope: local); focus detection on local PostgreSQL session activity and schema object creation by non-privileged users.
- The 'security restricted operation' sandbox protection was the intended mitigation but was activated too late or not at all in affected commands; patched versions enforce it correctly. Verify PostgreSQL is updated to a fixed release (e.g., Debian bullseye: 13.7-0+deb11u1).
- No practical configuration-level mitigation exists; the only remediation is patching the affected PostgreSQL package.
- libpq (the client library) on Red Hat Enterprise Linux 8 is confirmed not affected; only the server-side postgresql package is in scope.
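A catalog audit for the precondition and the version check named in the list above, as an added example (not taken from any of the advisories quoted on this page). It assumes a psql session that can read the system catalogs; the version thresholds are the "Fixed in" values from the Affected table, and the column aliases are illustrative.

```sql
-- 1. Is this server below the fixed minor release for its major version?
--    Thresholds are the upstream "Fixed in" values from the Affected table
--    (10.21, 11.16, 12.11, 13.7, 14.3) encoded as server_version_num.
SELECT v.num AS server_version_num,
       CASE v.num / 10000
            WHEN 10 THEN v.num < 100021
            WHEN 11 THEN v.num < 110016
            WHEN 12 THEN v.num < 120011
            WHEN 13 THEN v.num < 130007
            WHEN 14 THEN v.num < 140003
       END AS below_fixed_release      -- NULL: major version not in the table
FROM (SELECT current_setting('server_version_num')::int AS num) AS v;

-- 2. The stated precondition: non-superuser login roles that can create
--    objects in at least one non-temporary schema (directly, through role
--    membership, or through a grant to PUBLIC).
SELECT n.nspname AS schema_name,
       r.rolname AS role_name
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper
  AND r.rolcanlogin
  AND n.nspname !~ '^pg_(toast_)?temp_'          -- skip per-session temp schemas
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY n.nspname, r.rolname;

-- 3. Inventory of "another user's objects": tables, indexes and materialized
--    views owned by non-superusers, i.e. what a superuser or autovacuum ends
--    up maintaining on someone else's behalf.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       c.relkind,                                 -- r table, i/I index, m matview
       r.rolname AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
JOIN pg_roles AS r ON r.oid = c.relowner
WHERE c.relkind IN ('r', 'i', 'I', 'm')
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_(toast_)?temp_'
ORDER BY n.nspname, c.relname;
```

On a server where the first query returns true, the rows from the second and third queries identify the roles and objects on which to focus the log review described above until the package is updated.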
CVSS provenance
- nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- osv: 8.8 HIGH
- vendor_debian: 8.8 HIGH
- vendor_msrc: 8.8 HIGH
- vendor_redhat: 8.8 HIGH
GHSA
GHSA-3f3c-74mp-823m: A flaw was found in PostgreSQL
ghsa_unreviewed·2022-09-01
CVE-2022-1552 [HIGH] CWE-89
OSV
CVE-2022-1552: A flaw was found in PostgreSQL
osv·2022-08-31·CVSS 8.8
Ubuntu
PostgreSQL vulnerability
vendor_ubuntu·2022-10-13
Summary: PostgreSQL could be made to execute commands as the superuser.
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
Instructions: After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
Microsoft
vendor_msrc·2022-08-09·CVSS 8.8
CVE-2022-1552 [HIGH] CWE-459
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure version
Ubuntu
PostgreSQL vulnerability
vendor_ubuntu·2022-05-24
Summary: PostgreSQL could be made to execute commands as the superuser.
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user's objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
Red Hat
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
vendor_redhat·2022-05-12·CVSS 8.8
CVE-2022-1552 [HIGH] CWE-459
Debian
CVE-2022-1552: postgresql-13 - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to ope...
vendor_debian·2022·CVSS 8.8
Scope: local
bullseye: resolved (fixed in 13.7-0+deb11u1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://access.redhat.com/security/cve/CVE-2022-1552
- https://bugzilla.redhat.com/show_bug.cgi?id=2081126
- https://security.gentoo.org/glsa/202211-04
- https://security.netapp.com/advisory/ntap-20221104-0005/
- https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
- https://www.postgresql.org/support/security/CVE-2022-1552/