CVE-2022-2625 – postgresql: Extension scripts replace objects not belonging to the extension.
https://notcve.org/view.php?id=CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted by CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. • https://bugzilla.redhat.com/show_bug.cgi?id=2113825 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496 https://access.redhat.com/security/cve/CVE-2022-2625 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2022-31197 – SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
https://notcve.org/view.php?id=CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the `java.sql.ResultSet.refreshRow()` method does not escape column names, so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. • https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2 https://lists.debian.org/debian-lts-announce/2022/10/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6WHUADTZBBQLVHO4YG4XCWDGWBT4LRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTFE6SV33P5YYU2GNTQZQKQRVR3GYE4S https://access.redhat.com/security/cve/CVE-2022-31197 https://b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-1552 – postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
https://notcve.org/view.php?id=CVE-2022-1552
A flaw was found in PostgreSQL. The protections meant to let a privileged user safely maintain another user's objects were incomplete: the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated the relevant protections too late or not at all during the operation. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. • https://access.redhat.com/security/cve/CVE-2022-1552 https://bugzilla.redhat.com/show_bug.cgi?id=2081126 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20221104-0005 https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449 https://www.postgresql.org/support/security/CVE-2022-1552 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-459: Incomplete Cleanup •
CVE-2022-24844 – SQL Injection in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24844
Gin-vue-admin is a backend management system based on Vue and Gin, with a full-stack architecture that separates the front end from the back end. The problem occurs in code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. To be affected, a deployment must require JWT login and be using PostgreSQL. This issue has been resolved in version 2.5.1. There are no known workarounds. • https://github.com/flipped-aurora/gin-vue-admin/pull/1024 https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-26520 – postgresql-jdbc: Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-26520
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the JDBC URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. A flaw was found in Postgres JDBC. • https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3 https://jdbc.postgresql.org/documentation/head/tomcat.html https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com/security/cve/CVE-2022-26520 https://bugzilla.redhat.com/show_bug.cgi?id=2064007 • CWE-552: Files or Directories Accessible to External Parties •