← Back

CVE-2023-2454

nvd nist
Published: Jun 9, 2023Modified: Jan 6, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

Affected (9)

Postgresql
1 product
Postgresql
Redhat
2 products
Enterprise Linux
Software Collections
Fedoraproject
1 product
Fedora
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
From 11.0 to 11.20
Postgresql
From 12.0 to 12.15
Postgresql
From 13.0 to 13.11
Postgresql
From 14.0 to 14.8
Postgresql
From 15.0 to 15.3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0
Software Collections
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.