2207568 – (CVE-2023-2454) CVE-2023-2454 postgresql: schema_element defeats protective search_path changes

Bug 2207568 (CVE-2023-2454) - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes

Summary: CVE-2023-2454 postgresql: schema_element defeats protective search_path changes

Keywords:
Status:	NEW
Alias:	CVE-2023-2454
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2207575 2207576 2207577 2207578 2207579 2207581 2207583 2207585 2207931 2207932 2207933 2207934 2207935 2207936 2228767 2207937 2207938 2208306 2212815 2214583 2214875 2224309
Blocks:	2203202
TreeView+	depends on / blocked

Reported:	2023-05-16 10:07 UTC by TEJ RATHI
Modified:	2023-08-08 08:38 UTC (History)
CC List:	125 users (show)
Fixed In Version:	PostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:3714	None	None	None	2023-06-21 14:38:58 UTC
Red Hat Product Errata	RHSA-2023:4313	None	None	None	2023-07-27 13:32:47 UTC
Red Hat Product Errata	RHSA-2023:4327	None	None	None	2023-07-31 09:19:40 UTC
Red Hat Product Errata	RHSA-2023:4527	None	None	None	2023-08-08 08:37:54 UTC
Red Hat Product Errata	RHSA-2023:4535	None	None	None	2023-08-08 08:38:03 UTC
Red Hat Product Errata	RHSA-2023:4539	None	None	None	2023-08-08 08:38:24 UTC

Description TEJ RATHI 2023-05-16 10:07:05 UTC

CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes.

Versions Affected: 11 - 15. This problem is quite old.

This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.

https://www.postgresql.org/support/security/CVE-2023-2454/

Comment 1 TEJ RATHI 2023-05-16 10:17:25 UTC

Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207576]


Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207575]


Created postgresql:10/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207577]


Created postgresql:11/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207578]


Created postgresql:12/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207579]


Created postgresql:13/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207581]


Created postgresql:14/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207583]


Created postgresql:15/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2207585]

Comment 9 errata-xmlrpc 2023-06-21 14:38:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3714 https://access.redhat.com/errata/RHSA-2023:3714

Comment 14 errata-xmlrpc 2023-07-27 13:32:41 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:4313 https://access.redhat.com/errata/RHSA-2023:4313

Comment 15 errata-xmlrpc 2023-07-31 09:19:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4327 https://access.redhat.com/errata/RHSA-2023:4327

Comment 16 errata-xmlrpc 2023-08-08 08:37:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4527 https://access.redhat.com/errata/RHSA-2023:4527

Comment 17 errata-xmlrpc 2023-08-08 08:37:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4535 https://access.redhat.com/errata/RHSA-2023:4535

Comment 18 errata-xmlrpc 2023-08-08 08:38:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4539 https://access.redhat.com/errata/RHSA-2023:4539

Note You need to log in before you can comment on or make changes to this bug.

aazores
adudiak
adupliak
aileenc
alampare
alazarot
anstephe
asoldano
ataylor
avibelli
bbaranow
bbuckingham
bcourt
bgeorges
bmaxwell
boliveir
brian.stansberry
caswilli
cdewolf
chazlett
clement.escoffier
dandread
darran.lofthouse
databases-maint
dffrench
dhanak
dkreling
dosoudil
drehak
drichtar
eaguilar
ebaron
ehelms
emingora
eric.wittmann
fjansen
fjanus
fjuma
fmongiar
gjospin
gmalinko
gparvin
gsmet
gzaronik
hamadhan
hbraun
hhorak
hkataria
ibek
ivassile
iweiss
janstey
jburrell
jkang
jmartisk
jnethert
jorton
jpallich
jpechane
jpoth
jrokos
jross
jsherril
kaycoth
kshier
kverlaen
kyoshida
lbacciot
lgao
lpetrovi
lthon
lzap
max.andersen
mhulan
mnovotny
mosmerov
msochure
msvehla
myarboro
nboldt
ngough
njean
nmoumoul
nwallace
nweather
orabin
owatkins
pahickey
pantinor
pcreech
pdelbell
pdrozd
peholase
pgallagh
pjindal
pkubat
pmackay
praiskup
probinso
psegedy
pskopek
rchan
rgodfrey
rguimara
rkieley
rowaters
rrajasek
rruss
rstancel
rsvoboda
saroy
sbiarozk
scorneli
sdouglas
sfroberg
smaestri
snavale
stcannon
sthorger
tcunning
teagle
tom.jenkinson
tsasak
yfang
yguenane