CVSSv3: 5.5

CVE-2022-41946

Published: 23/11/2022 Updated: 29/03/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. On Unix-like systems (but not macOS) this temporary file is readable by other users: the system's temporary directory is shared between all users on that system, so files and directories written into it are, by default, readable by other users on the same system. This vulnerability does not allow other users to overwrite the contents of these directories or files; it is purely an information disclosure vulnerability.

Because certain JDK file system APIs were only added in JDK 1.7, the fix depends on the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, pointing the `java.io.tmpdir` system property at a directory that is exclusively owned by the executing user will mitigate this vulnerability.
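As an added illustration (not pgjdbc's own code), the Java program below contrasts the two JDK temp-file APIs behind the "only added in JDK 1.7" remark and checks the `java.io.tmpdir` mitigation. It assumes a POSIX file system, and that the pre-JDK 7 pattern is `java.io.File.createTempFile` while the JDK 7 API is `java.nio.file.Files.createTempFile`.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example, not pgjdbc code. Assumes a POSIX file system (Linux, *BSD, macOS):
// the permission queries throw UnsupportedOperationException elsewhere.
public class TempFilePermissions {

    // Pre-JDK 7 pattern (JDK 1.6 compatible): the file's mode follows the process
    // umask, so in a shared /tmp it is typically 0644, i.e. readable by every local user.
    static Set<PosixFilePermission> legacyTempFile() throws IOException {
        File f = File.createTempFile("legacy-demo", ".tmp");
        f.deleteOnExit();
        return Files.getPosixFilePermissions(f.toPath());
    }

    // JDK 7+ pattern: Files.createTempFile requests owner read/write only (0600) on
    // POSIX file systems; the umask can only remove bits, so group/others never get access.
    static Set<PosixFilePermission> nioTempFile() throws IOException {
        Path p = Files.createTempFile("nio-demo", ".tmp");
        p.toFile().deleteOnExit();
        return Files.getPosixFilePermissions(p);
    }

    // Mitigation check for hosts that cannot upgrade: java.io.tmpdir must name a
    // directory owned by the executing user with no group/other permission bits at all.
    static boolean tmpdirIsPrivate() throws IOException {
        Path dir = Paths.get(System.getProperty("java.io.tmpdir"));
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir);
        boolean ownedByUs = Files.getOwner(dir).getName().equals(System.getProperty("user.name"));
        boolean noGroupOther = perms.stream()
                .noneMatch(p -> p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_"));
        return ownedByUs && noGroupOther;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("File.createTempFile  -> " + PosixFilePermissions.toString(legacyTempFile()));
        System.out.println("Files.createTempFile -> " + PosixFilePermissions.toString(nioTempFile()));
        System.out.println("java.io.tmpdir is private -> " + tmpdirIsPrivate());
    }
}
```

Run it once with the default temp directory and once with `-Djava.io.tmpdir=<dir created with mkdir -m 700>` to see the legacy file lose its group/other read bits only in the second case.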

Vulnerability Trend

Vulnerable Products

postgresql postgresql jdbc driver 42.5.0

postgresql postgresql jdbc driver

debian debian linux 10.0

Vendor Advisories

Synopsis: Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Se ...
Synopsis: Moderate: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Produc ...
Synopsis: Important: Satellite 6.13 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes ...
Synopsis: Moderate: Red Hat Virtualization security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc is now available for Red Hat V ...
Synopsis: Moderate: Red Hat build of Quarkus 2.13.7 release and security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Moderate: postgresql-jdbc security update. Type/Severity: Security Advisory: Moderate. Topic: An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this updat ...
Synopsis: Critical: Red Hat Fuse 7.12 release and security update. Type/Severity: Security Advisory: Critical. Topic: A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as h ...
Synopsis: Low: Red Hat Integration Debezium 2.1.4 security update. Type/Severity: Security Advisory: Low. Topic: A security update for Debezium is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Synopsis: Important: Satellite 6.12.3 Async Security Update. Type/Severity: Security Advisory: Important. Topic: Updated Satellite 6.12 packages that fix important security bugs and several regular bugs are now available for R ...
Synopsis: Important: Red Hat Integration Camel K 1.10.1 release security update. Type/Severity: Security Advisory: Important. Topic: Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update a ...
Synopsis: Important: Red Hat build of Quarkus 2.7.7 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Description: The MITRE CVE dictionary describes this issue as: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temp ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2020-8908, CVE-2020-14326, CVE-2020-25633, CVE-2020-36518, CVE-2021-20289, CVE-2021-21290, CVE-2021-46877, CVE-2022-3782, CVE-2022-4147, CVE-2022-40151, CVE-2022-40152, CVE-2022-41915, CVE-2022-41946, CVE-2022-41966, CVE-2023-0091, CVE-2023-1370, CVE-2023-28708 ...

Github Repositories

Common maven dependencies and common maven plugin configurations and versions

Master BoM and POM. This project contains common maven plugin configurations and versions used across my project. This project also contains common versions of code used in development and testing (JUnit, mockito, assertJ). The purpose of this maven parent is to get a single point of change for boring configuration stuff as well as slimming down the top pom files of my maven p

A utility to collect a history of key numbers for each SonarQube analysis triggered by maven builds.

SonarQube metrics collector. SonarQube is a code analysis tool that shows key numbers about code quality, e.g. code coverage, code complexity and various code practices. SonarQube has a web GUI that allows exploring the analysis results. However, SonarQube has no storage of build quality history. To keep statistics about code quality one either has to manually type the key num