Specialists from an ethical hacking course report the discovery of two vulnerabilities in PostgreSQL, the popular open source database management system. Successful exploitation of these flaws would allow privilege escalations on the affected systems.
Below are brief descriptions of reported vulnerabilities, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-14349: How PostgreSQL handles search_path during replications allows remote threat actors to scale privileges within the affected database. Users of a replication editor can create objects in the public schema and leverage them to execute arbitrary SQL functions under the identity that replication runs, often a superuser.
This is a medium severity flaw that received a score of 4.7/10, mention ethical hacking course specialists.
CVE-2020-14350: How PostgreSQL handles CREATE EXTENSION statements would allow threat actors to scale privileges on the target system.
According to the ethical hacking course specialists, a remote user with permission to create objects in the schema of the new extension or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser.
PostgreSQL versions affected by these vulnerabilities are: 9.5, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 9.5.5, 9.5.6, 9.5.7, 9.5.8, 9.5.9, 9.5. 11, 9.5.12, 9.5.13, 9.5.14, 9.5.15, 9.5.16, 9.5.17, 9.5.18, 9.5.19, 9.5.20, 9.5.21, 9.5.22, 9.6.0, 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.6.5, 9.6.6, 9.6.7, 9.6.8, 9.6.9, 9.6.10, 9.6.11, 9.6.12, 9.6. 13, 9.6.14, 9.6.15, 9.6.16, 9.6.17, 9.6.18, 10.0, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.10.4, 10.11, 10.12, 10.13, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 11.7, 11.8, 12.0, 12.1, 12.2, 12.3.
While these flaws could be exploited remotely by unauthenticated threat actors, attempts at active exploitation are not yet detected. Updates are now available, so users should update as soon as possible.
