Vulnerabilities > CVE-2022-2625

047910
CVSS 8.0 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
postgresql
fedoraproject
redhat
NVD
Published: 2022-08-18
Updated: 2022-12-02

Summary

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Vulnerable Configurations

Part Description Count
Application
Postgresql
66
OS
Fedoraproject
1
OS
Redhat
4

References