CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2113825	Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/202211-04	Third Party Advisory
https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:15:beta1::::::
	cpe:2.3:a:postgresql:postgresql:15:beta2::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

No history.

Information

Published : 2022-08-18 19:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-2625

Mitre link : CVE-2022-2625

CVE.ORG link : CVE-2022-2625

JSON object : View

Products Affected

redhat

enterprise_linux

postgresql

postgresql

fedoraproject

fedora

CWE

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

{"id": "CVE-2022-2625", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2022-08-18T19:15:14.500", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113825", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202211-04", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/", "tags": ["Release Notes", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1321"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-915"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en PostgreSQL. Este ataque requiere permiso para crear objetos no temporales en al menos un esquema, la capacidad de atraer o esperar que un administrador cree o actualice una extensi\u00f3n afectada en ese esquema, y la capacidad de atraer o esperar que una v\u00edctima utilice el objeto objetivo en CREATE OR REPLACE o CREATE IF NOT EXISTS. Dados los tres requisitos previos, este fallo permite a un atacante ejecutar c\u00f3digo arbitrario como el rol de v\u00edctima, que puede ser un superusuario"}], "lastModified": "2022-12-02T20:14:08.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DC87C1-EDE3-4B95-8A84-973990E4BFAC", "versionEndExcluding": "10.22", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5504118E-93C0-42A2-AF2A-BE684DF7FC86", "versionEndExcluding": "11.17", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31EAA7D0-3741-4129-A823-FADDEDD8F144", "versionEndExcluding": "12.12", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C314DE-3A4D-4978-BD8D-830D54AF4107", "versionEndExcluding": "13.8", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5513DE36-DB43-498C-AA02-0BDF947E2C4D", "versionEndExcluding": "14.5", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:15:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A57E9523-00BA-4243-B548-83D72A9EC61B"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:15:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "854F4808-266C-456D-8AE0-B9A118B15A5D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}