TimescaleDB has incorrect access control
CVE-2023-25149

8.8 HIGH

Key Information:

Vendor

Timescale

CVE Published:
14 February 2023

What is CVE-2023-25149?

TimescaleDB, an open-source time-series SQL database, has a privilege-escalation vulnerability caused by improperly secured telemetry job queries. During installation (versions 2.8.0 to 2.9.2), a telemetry job is created that runs as the installing user. The queries that job executes do not run under a locked-down search_path, so a user who is able to create objects in the database can define functions that the telemetry job will resolve and execute. Successful exploitation therefore requires only that the user can create objects in a database; with that, they can influence the behavior of the telemetry job after a superuser installs TimescaleDB. Instances of TimescaleDB in Timescale Cloud and Managed Service are not susceptible to this vulnerability because of additional security controls. The issue is resolved in version 2.9.3.
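The following SQL is an added defensive example; it is not part of the advisory and not code from the TimescaleDB project. It shows three things an operator would want after reading the description above: a check of the installed extension version against the affected range, an audit of functions that execute with elevated rights without a pinned search_path (the general weakness class the advisory describes), and the two mitigations that remove the precondition and the mechanism: revoking object creation from unprivileged roles and pinning search_path on privileged functions. The schema `app` and the function `app.nightly_report` are hypothetical names used for illustration.

```sql
-- Added example (not from the advisory or the TimescaleDB project).
-- Run as a superuser on the PostgreSQL instance that hosts TimescaleDB.

-- 1. Is the installed extension inside the affected range (>= 2.8.0, < 2.9.3)?
--    Assumes a plain "x.y.z" version string; integer arrays compare element by element.
SELECT extname,
       extversion,
       string_to_array(extversion, '.')::int[] >= ARRAY[2, 8, 0]
       AND string_to_array(extversion, '.')::int[] <  ARRAY[2, 9, 3] AS affected
FROM   pg_extension
WHERE  extname = 'timescaledb';

-- 2. Audit: functions that run with their owner's privileges (SECURITY DEFINER)
--    but carry no "search_path=..." entry in proconfig. Unqualified names inside
--    such a function are resolved through the caller's search_path, which is the
--    mechanism behind search_path-based privilege escalation.
SELECT n.nspname  AS schema,
       p.proname  AS function,
       p.proconfig
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  p.prosecdef
  AND  NOT EXISTS (
         SELECT 1
         FROM   unnest(COALESCE(p.proconfig, ARRAY[]::text[])) AS c
         WHERE  c LIKE 'search_path=%'
       );

-- 3a. Mitigation for the precondition: unprivileged roles should not be able to
--     create objects in a schema that privileged jobs resolve names through.
--     (PostgreSQL 15 and later ship with this revoked by default.)
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3b. Mitigation for the mechanism: pin search_path on any function that a
--     privileged scheduler or SECURITY DEFINER context executes, so that only
--     system objects and the session's temp schema are ever resolved.
CREATE SCHEMA IF NOT EXISTS app;               -- hypothetical application schema

CREATE OR REPLACE FUNCTION app.nightly_report() -- hypothetical privileged job body
RETURNS void
LANGUAGE plpgsql
SET search_path = pg_catalog, pg_temp           -- pinned for the duration of the call
AS $$
BEGIN
    -- Schema-qualify anything not in pg_catalog as well; nothing in this body
    -- can be shadowed by a user-created function in public or elsewhere.
    PERFORM pg_catalog.now();
END;
$$;

-- The same pin can be applied retroactively to existing functions found by query 2:
ALTER FUNCTION app.nightly_report() SET search_path = pg_catalog, pg_temp;

-- Re-run query 2 afterwards: app.nightly_report should no longer be listed
-- (it is not SECURITY DEFINER here, but the same audit applies once it is).
```

Query 1 flags the host as affected when the version is in the advisory's range; upgrading to 2.9.3 or later is the fix the vendor ships. Queries 2 and 3 address the underlying pattern rather than this one job: even on a patched version, any function executed by a superuser-owned background job or under SECURITY DEFINER should either pin search_path as shown or schema-qualify every reference.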

Affected Version(s)

timescaledb >= 2.8.0, < 2.9.3

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
