Postgresql: extension script @substitutions@ within quoting allow sql injection
CVE-2023-39417

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Advanced Cluster Security 4.2
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor
CVE Published:
11 August 2023

Summary

This vulnerability in PostgreSQL allows for SQL Injection when specific quoting constructs are employed with certain extension strings (e.g., @extowner@, @extschema@). If an administrator has installed a vulnerable non-bundled extension, an attacker possessing database-level CREATE privileges can exploit this flaw to execute arbitrary commands, potentially gaining privileges as a bootstrap superuser. Organizations must ensure that they are protecting against this risk by assessing their use of PostgreSQL extensions and applying necessary mitigations.

Affected Version(s)

Red Hat Advanced Cluster Security 4.2 4.2.4-6

Red Hat Advanced Cluster Security 4.2 4.2.4-6

Red Hat Advanced Cluster Security 4.2 4.2.4-7

References

https://access.redhat.com/errata/RHSA-2023:7545
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7579
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7580
vendor-advisoryx_refsource_REDHAT

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.