{"containers": {"cna": {"affected": [{"product": "PostgreSQL", "vendor": "n/a", "versions": [{"status": "affected", "version": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-183", "description": "CWE-183->CWE-270", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-07T01:06:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, {"tags": ["x_refsource_MISC"], "url": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202012-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PostgreSQL", "version": {"version_data": [{"version_value": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-183->CWE-270"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, {"name": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/", "refsource": "MISC", "url": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-07"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.672Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"}, {"name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"name": "GLSA-202012-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-07"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25696", "datePublished": "2020-11-23T21:15:47", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.672Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "1965A8EC-BC42-48AE-BCEB-5BD087AADC06", "versionEndExcluding": "9.5.24", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "26E1856B-F065-4935-85A5-15743C5E6C14", "versionEndExcluding": "9.6.20", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D588643-0088-463B-B31F-1721CD20C74E", "versionEndExcluding": "10.15", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C9D1627-948A-40AC-8C2C-31E11EE31DF9", "versionEndExcluding": "11.10", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "811920C1-BA3A-46F6-B4DF-6F2DC8B4DCA4", "versionEndExcluding": "12.5", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C9C93F-E573-4AF8-80AE-5F0D3A4CAA5F", "versionEndExcluding": "13.1", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el terminal interactivo psql de PostgreSQL en versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24. Si una sesi\u00f3n psql interactiva utiliza \\gset al consultar un servidor comprometido, el atacante puede ejecutar c\u00f3digo arbitrario como la cuenta del sistema operativo que ejecuta psql. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como tambi\u00e9n la disponibilidad del sistema"}], "id": "CVE-2020-25696", "lastModified": "2024-11-21T05:18:30.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-23T22:15:12.257", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-07"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-183"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Nick Cleaton for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:5401", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libpq-0:12.5-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-14T00:00:00Z"}, {"advisory": "RHSA-2020:5567", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:10-8030020201201142418.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:5619", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:9.6-8030020201201133334.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-17T00:00:00Z"}, {"advisory": "RHSA-2020:5620", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8030020201207110000.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-17T00:00:00Z"}, {"advisory": "RHSA-2020:5638", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "libpq-0:12.5-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-21T00:00:00Z"}, {"advisory": "RHSA-2020:5661", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:9.6-8000020201214122017.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5664", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:10-8000020201214113918.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2021:0165", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "libpq-0:12.5-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0166", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:10-8010020201214112129.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0167", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:9.6-8010020201214134447.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0057", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "libpq-0:12.5-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-11T00:00:00Z"}, {"advisory": "RHSA-2021:0161", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:10-8020020201201142418.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0163", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:12-8020020201207110224.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0164", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:9.6-8020020201201133334.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5316", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.15-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-12-02T00:00:00Z"}, {"advisory": "RHSA-2020:5317", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-12-02T00:00:00Z"}], "bugzilla": {"description": "postgresql: psql's \\gset allows overwriting specially treated variables", "id": "1894430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894430"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-183->CWE-270", "details": ["A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \\gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "mitigation": {"lang": "en:us", "value": "Using \\gset with a prefix not found among specially treated variables, e.g. any lowercase string, precludes the attack in an unpatched psql."}, "name": "CVE-2020-25696", "package_state": [{"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Storage 3"}], "public_date": "2020-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25696\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25696\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"], "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of the Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization, the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.", "threat_severity": "Moderate", "upstream_fix": "postgresql 13.1, postgresql 12.5, postgresql 11.10, postgresql 10.15, postgresql 9.6.20, postgresql 9.5.24"}