Untrusted search path in PostgreSQL - CVE-2020-14349

 

Untrusted search path in PostgreSQL - CVE-2020-14349

Published: August 18, 2020


Vulnerability identifier: #VU45748
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-14349
CWE-ID: CWE-426
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PostgreSQL Global Development Group
Affected software:
PostgreSQL

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to the way PostgreSQL handles search_path during replications. Users of a replication publisher or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser.


How to mitigate CVE-2020-14349

Install updates from vendor's website.

Sources