Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/05/2023 Updated: 01/02/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

aiven-extras is a PostgreSQL extension. Versions before 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aiven aiven

CWE-20 CWE-1321 https://github.com/aiven/aiven-extras/commit/8682ae01bec0791708bf25791786d776e2fb0250 https://github.com/aiven/aiven-extras/security/advisories/GHSA-7r4w-fw4h-67gp https://security.netapp.com/advisory/ntap-20230616-0006/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-32305

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect