CVE-2022-26520: Files or Directories Accessible to External Parties in PostgreSQL JDBC Driver

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.3% (top 20.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 10; Latest update Mar 11

Description

In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: postgresql/postgresql_jdbc_driver, affected 42.3.0, fixed 42.3.3 (+1)

Also affects: Debian Linux 10.0, 11.0

Patches

Vulnerability Details (5)

GHSA: Path traversal in org.postgresql:postgresql (2022-03-11)
OSV: Path traversal in org.postgresql:postgresql (2022-03-11)
OSV: CVE-2022-26520: In pgjdbc before 42 (2022-03-10)
OSV: CVE-2022-26520: ** DISPUTED ** In pgjdbc before 42 (2022-03-10)
CVEList: CVE-2022-26520: In pgjdbc before 42 (2022-03-07)

Vendor Advisories (2)

Red Hat: postgresql-jdbc: Arbitrary File Write Vulnerability (2022-02-01)
Debian: CVE-2022-26520: libpgjava - In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) c... (2022)
CVE-2022-26520 — Postgresql Jdbc Driver vulnerability | cvebase