CVE-2022-26520
Published 2022-03-10
Priority: P3 · 55 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.93% (85.3th percentile)
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties
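One way to act on the vendor's position described above is to allow-list connection properties before they reach the driver, so that `loggerFile`, `loggerLevel` and any other unexpected key are refused. This is an added example, not code from pgjdbc or from this page; the class name, the allow-list contents and the sample URLs are assumptions.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class PgConnectionPropertyGuard {
    private static final Set<String> ALLOWED = // assumed application policy (hypothetical)
        Set.of("user", "password", "ssl", "sslmode", "ApplicationName", "connectTimeout");

    static void require(String name) {
        if (!ALLOWED.contains(name)) {
            throw new IllegalArgumentException("connection property not allowed: " + name);
        }
    }

    /** Copies caller-supplied properties, throwing on any key outside the allow-list. */
    static Properties filter(Map<String, String> untrusted) {
        Properties safe = new Properties();
        untrusted.forEach((k, v) -> { require(k); safe.setProperty(k, v); });
        return safe;
    }

    /** Returns the URL unchanged if every query-string property is allow-listed. */
    static String checkUrl(String jdbcUrl) {
        if (!jdbcUrl.startsWith("jdbc:postgresql://")) {
            throw new IllegalArgumentException("unexpected JDBC URL scheme");
        }
        String query = URI.create(jdbcUrl.substring("jdbc:".length())).getRawQuery();
        for (String pair : query == null ? new String[0] : query.split("&")) {
            require(URLDecoder.decode(pair.split("=", 2)[0], StandardCharsets.UTF_8));
        }
        return jdbcUrl;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second carries the two properties named in the CVE.
        String[] urls = {
            "jdbc:postgresql://db.example.internal:5432/app?sslmode=require",
            "jdbc:postgresql://db.example.internal:5432/app?loggerLevel=DEBUG&loggerFile=/tmp/pgjdbc.log"
        };
        for (String u : urls) {
            try {
                System.out.println("accepted: " + checkUrl(u));
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

Both the URL and any `Properties` object need checking, since the description names either as a route for the attacker-controlled values; the check complements, rather than replaces, moving to the fixed version listed below.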
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libpgjava | < libpgjava 42.3.3-1 (bookworm) | libpgjava 42.3.3-1 (bookworm) |
| postgresql | postgresql_jdbc_driver | 42.1.0 – 42.1.4 | — |
| postgresql | postgresql_jdbc_driver | >= 42.3.0 < 42.3.3 | 42.3.3 |
CVSS provenance
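| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |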
Red Hat
postgresql-jdbc: Arbitrary File Write Vulnerability
vendor_redhat·2022-02-01·CVSS 9.8
CVE-2022-26520 [CRITICAL] CWE-552 postgresql-jdbc: Arbitrary File Write Vulnerability
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and m
Debian
CVE-2022-26520: libpgjava - In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) c...
vendor_debian·2022·CVSS 9.8
CVE-2022-26520 [CRITICAL] CVE-2022-26520: libpgjava - In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) c...
Scope: local
bookworm: resolved (fixed in 42.3.3-1)
bullseye: resolved (fixed in 42.2.15-1+deb11u1)
forky: resolved (fixed in 42.3.3-1)
sid: resolved (fixed in 42.3.3-1)
trixie: resolved (fixed in 42.3.3-1)
GHSA
Path traversal in org.postgresql:postgresql
ghsa·2022-03-11
CVE-2022-26520 [LOW] Path traversal in org.postgresql:postgresql
OSV
Path traversal in org.postgresql:postgresql
osv·2022-03-11
CVE-2022-26520 [LOW] Path traversal in org.postgresql:postgresql
OSV
CVE-2022-26520: In pgjdbc before 42
osv·2022-03-10·CVSS 9.8
CVE-2022-26520 [CRITICAL] CVE-2022-26520: In pgjdbc before 42
OSV
CVE-2022-26520: ** DISPUTED ** In pgjdbc before 42
osv·2022-03-10·CVSS 9.8
CVE-2022-26520 [CRITICAL] CVE-2022-26520: ** DISPUTED ** In pgjdbc before 42
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
https://jdbc.postgresql.org/documentation/head/tomcat.html
https://www.debian.org/security/2022/dsa-5196