CVE-2022-2625

postgresql: Extension scripts replace objects not belonging to the extension.

Severity Score

8.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Se ha encontrado una vulnerabilidad en PostgreSQL. Este ataque requiere permiso para crear objetos no temporales en al menos un esquema, la capacidad de atraer o esperar que un administrador cree o actualice una extensión afectada en ese esquema, y la capacidad de atraer o esperar que una víctima utilice el objeto objetivo en CREATE OR REPLACE o CREATE IF NOT EXISTS. Dados los tres requisitos previos, este fallo permite a un atacante ejecutar código arbitrario como el rol de víctima, que puede ser un superusuario

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-02 CVE Reserved
2022-08-18 CVE Published
2024-07-04 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2113825	2022-12-02
https://security.gentoo.org/glsa/202211-04	2022-12-02
https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496	2022-12-02
https://access.redhat.com/security/cve/CVE-2022-2625	2023-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 10.0 < 10.22 Search vendor "Postgresql" for product "Postgresql" and version " >= 10.0 < 10.22"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 11.0 < 11.17 Search vendor "Postgresql" for product "Postgresql" and version " >= 11.0 < 11.17"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 12.0 < 12.12 Search vendor "Postgresql" for product "Postgresql" and version " >= 12.0 < 12.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 13.0 < 13.8 Search vendor "Postgresql" for product "Postgresql" and version " >= 13.0 < 13.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 14.0 < 14.5 Search vendor "Postgresql" for product "Postgresql" and version " >= 14.0 < 14.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				15 Search vendor "Postgresql" for product "Postgresql" and version "15"		beta1		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				15 Search vendor "Postgresql" for product "Postgresql" and version "15"		beta2		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected