CVE-2023-2454 — Improper Input Validation in Postgresql

CWE-20 — Improper Input Validation10 documents8 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 52.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedJun 9

Latest updateFeb 15

Description

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDpostgresql/postgresql11.0 — 11.20+4

▶CVEListV5postgresql/postgresqlPostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20

Also affects: Fedora 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

CVEList

CVE-2023-2454: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with ele↗2023-06-09

▶

OSV

CVE-2023-2454: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with ele↗2023-06-09

▶

GHSA

GHSA-9fff-w5w3-5x9g: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with ele↗2023-06-09

▶

OSV

postgresql-10, postgresql-12, postgresql-14, postgresql-15 vulnerabilities↗2023-05-24

▶

📋Vendor Advisories

CISA ICS

Siemens SINEC NMS↗2024-02-15

▶

Ubuntu

PostgreSQL vulnerability↗2023-07-13

▶

Ubuntu

PostgreSQL vulnerabilities↗2023-05-24

▶

Red Hat

postgresql: schema_element defeats protective search_path changes↗2023-05-11

▶

Debian

CVE-2023-2454: postgresql-13 - schema_element defeats protective search_path changes; It was found that certain...↗2023

▶