Privilege Escalation Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2022-1552
8.8 HIGH
What is CVE-2022-1552?
A flaw in PostgreSQL allows the protections that should apply when a privileged user operates on another user's objects to be sidestepped during certain database commands. Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck may activate these protections inadequately or too late. Consequently, an attacker with permission to create non-temporary objects in a schema can execute arbitrary SQL functions with superuser rights, potentially compromising database integrity.
Affected Version(s)
postgresql: Fixed in postgresql 14.3, postgresql 13.7, postgresql 12.11, postgresql 11.16, postgresql 10.21.
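
A defender's check for the two conditions the description names, added here as an example and not part of the original advisory: whether the running server is below a fixed release, and which non-superuser roles can create objects in a schema of the current database. The version thresholds are the fixed releases listed above; the query layout and output column names are assumptions made for illustration.

```sql
-- Added audit example (not from the advisory). Run in psql, once per database.

-- Part 1: compare the running server with the fixed releases listed above.
-- server_version_num encodes 13.6 as 130006, 14.3 as 140003, and so on.
WITH fixed(major, min_patched) AS (
    VALUES (10, 100021), (11, 110016), (12, 120011),
           (13, 130007), (14, 140003)
),
srv AS (
    SELECT current_setting('server_version_num')::int AS num
)
SELECT srv.num AS server_version_num,
       CASE
           WHEN f.major IS NULL
               THEN 'major version not in the advisory list: check vendor notes'
           WHEN srv.num >= f.min_patched
               THEN 'at or above the fixed release'
           ELSE 'below the fixed release: upgrade'
       END AS cve_2022_1552_status
FROM srv
LEFT JOIN fixed f ON f.major = srv.num / 10000;  -- integer division yields the major version

-- Part 2: non-superuser roles that hold CREATE on a non-temporary schema,
-- the precondition named in the description. has_schema_privilege() also
-- counts privileges obtained through PUBLIC and through role membership.
SELECT n.nspname AS schema_name,
       r.rolname AS role_name,
       r.rolcanlogin AS can_login
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'            -- skips pg_catalog, pg_toast, pg_temp_N
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY n.nspname, r.rolname;
```

On the releases listed above, the `public` schema grants CREATE to PUBLIC by default, so every role appears in Part 2 unless that grant has been revoked.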