{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "n/a", "versions": [{"status": "affected", "version": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-07T01:06:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.postgresql.org/support/security/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202012-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89"}]}]}, "references": {"reference_data": [{"name": "https://www.postgresql.org/support/security/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"}, {"name": "https://security.netapp.com/advisory/ntap-20201202-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-07"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.702Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.postgresql.org/support/security/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-07"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25695", "datePublished": "2020-11-16T00:40:36", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.702Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "B04B9785-AF1D-46C0-BC27-14FDF62E1612", "versionEndExcluding": "9.5.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "26E1856B-F065-4935-85A5-15743C5E6C14", "versionEndExcluding": "9.6.20", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D588643-0088-463B-B31F-1721CD20C74E", "versionEndExcluding": "10.15", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C9D1627-948A-40AC-8C2C-31E11EE31DF9", "versionEndExcluding": "11.10", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "811920C1-BA3A-46F6-B4DF-6F2DC8B4DCA4", "versionEndExcluding": "12.5", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C9C93F-E573-4AF8-80AE-5F0D3A4CAA5F", "versionEndExcluding": "13.1", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24. Un atacante que tenga permiso para crear objetos no temporales en al menos un esquema puede ejecutar funciones SQL arbitrarias bajo la identidad de un superusuario. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "id": "CVE-2020-25695", "lastModified": "2022-10-19T15:01:08.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-16T01:15:12.780", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-07"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Etienne Stalmans for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:1512", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.24-6.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2020:5567", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:10-8030020201201142418.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:5619", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:9.6-8030020201201133334.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-17T00:00:00Z"}, {"advisory": "RHSA-2020:5620", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8030020201207110000.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-17T00:00:00Z"}, {"advisory": "RHSA-2020:5661", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:9.6-8000020201214122017.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5664", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:10-8000020201214113918.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2021:0166", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:10-8010020201214112129.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0167", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:9.6-8010020201214134447.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0161", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:10-8020020201201142418.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0163", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:12-8020020201207110224.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0164", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:9.6-8020020201201133334.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-12-02T00:00:00Z"}], "bugzilla": {"description": "postgresql: Multiple features escape \"security restricted operation\" sandbox", "id": "1894425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum and not manually running ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL, REFRESH MATERIALIZED VIEW, or a restore from output of the pg_dump command. Performance may degrade quickly under this workaround."}, "name": "CVE-2020-25695", "package_state": [{"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Storage 3"}], "public_date": "2020-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25695\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25695\nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"], "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.", "threat_severity": "Important", "upstream_fix": "postgresql 13.1, postgresql 12.5, postgresql 11.10, postgresql 10.15, postgresql 9.6.20, postgresql 9.5.24"}