CVE-2022-2625

Published: 18/08/2022 Updated: 02/12/2022
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 0

Vulnerability Summary

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows a malicious user to run arbitrary code as the victim role, which may be a superuser.
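
An audit aid for the second prerequisite, added here as an example and not taken from the advisory or from PostgreSQL: it scans an extension's SQL script for the CREATE OR REPLACE and CREATE IF NOT EXISTS forms the summary names. The function names, the regex heuristic and the `demo_ext` sample script are assumptions constructed for illustration.

```python
import re

# Forms named in the advisory: CREATE OR REPLACE ... and CREATE ... IF NOT EXISTS.
# Up to three keywords are allowed between CREATE and IF NOT EXISTS
# (e.g. UNIQUE INDEX CONCURRENTLY).
RISKY = re.compile(
    r"\bCREATE\s+(?:(?P<replace>OR\s+REPLACE)\b"
    r"|[A-Z]+(?:\s+[A-Z]+){0,2}?\s+IF\s+NOT\s+EXISTS\b)[^(;\n]*",
    re.IGNORECASE,
)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
LINE_COMMENT = re.compile(r"--[^\n]*")


def strip_comments(sql):
    """Blank out SQL comments while keeping line numbers stable."""
    sql = BLOCK_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), sql)
    return LINE_COMMENT.sub("", sql)


def find_adopting_statements(sql):
    """Return (line, form, statement head) for each flagged statement."""
    text = strip_comments(sql)
    findings = []
    for m in RISKY.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        form = "OR REPLACE" if m.group("replace") else "IF NOT EXISTS"
        head = " ".join(m.group(0).split())  # collapse whitespace for display
        findings.append((line, form, head))
    return findings


# Constructed extension script (hypothetical extension "demo_ext").
SAMPLE_SCRIPT = """\
-- demo_ext--1.0.sql: CREATE OR REPLACE in a comment is ignored
CREATE FUNCTION demo_version() RETURNS text
    LANGUAGE sql AS 'SELECT ''1.0''';
CREATE OR REPLACE FUNCTION demo_helper(x int) RETURNS int
    LANGUAGE sql AS 'SELECT x + 1';
/* CREATE TABLE IF NOT EXISTS commented_out (id int); */
CREATE TABLE IF NOT EXISTS demo_audit (id int, note text);
CREATE UNIQUE INDEX IF NOT EXISTS demo_audit_id ON demo_audit (id);
"""

if __name__ == "__main__":
    for line, form, head in find_adopting_statements(SAMPLE_SCRIPT):
        print(f"line {line}: [{form}] {head}")
```

Matches inside string literals or function bodies are reported too, so each hit is a statement to review rather than a confirmed problem.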

Vulnerable Product

postgresql postgresql

postgresql postgresql 15

fedoraproject fedora 36

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update S ...
Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Moderate: postgresql:10 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise ...
Synopsis: Moderate: postgresql:12 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Synopsis: Moderate: rh-postgresql10-postgresql security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat P ...
Synopsis: Moderate: postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as havin ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Pr ...
Synopsis: Moderate: postgresql:13 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update S ...
Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2020-29582, CVE-2022-24329. Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2020-29582, CVE-2021-22573, CVE-2022-2625, CVE-2022-24329, CVE-2022-29170. Affected products and versions are listed below. Plea ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-10219, CVE-2020-10693, CVE-2020-25638, CVE-2021-28170, CVE-2022-0866, CVE-2022-1278, CVE-2022-1466, CVE-2022-2625, CVE-2022-2764, CVE-2022-23437. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands. Some don't adhere to the documented rule to target only objects known to be extension members already. An attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension ...