CVE-2021-3515 - Vulnerability Details - OpenCVE

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Key SSVC decision points have not yet been added.

Vendors	Products
2ndquadrant	Pglogical

Configuration 1 [-]

OR	cpe:2.3:a:2ndquadrant:pglogical::::::::
	cpe:2.3:a:2ndquadrant:pglogical::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-26833	A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1954112
https://nvd.nist.gov/vuln/detail/CVE-2021-3515
https://www.cve.org/CVERecord?id=CVE-2021-3515

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-06-01T13:31:40

Updated: 2024-08-03T16:53:17.757Z

Reserved: 2021-04-27T00:00:00

Link: CVE-2021-3515

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-01T14:15:10.337

Modified: 2024-11-21T06:21:43.780

Link: CVE-2021-3515

Redhat

Severity : Moderate

Publid Date: 2021-05-13T00:00:00Z

Links: CVE-2021-3515 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "pglogical", "vendor": "n/a", "versions": [{"status": "affected", "version": "pglogical 2.3.4, pglogical 3.6.26"}]}], "descriptions": [{"lang": "en", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-01T13:31:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3515", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pglogical", "version": {"version_data": [{"version_value": "pglogical 2.3.4, pglogical 3.6.26"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.757Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3515", "datePublished": "2021-06-01T13:31:40", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-03T16:53:17.757Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F37C4E9-C7E9-45E3-A2D0-FFD701E436A8", "versionEndExcluding": "2.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:2ndquadrant:pglogical:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EF26082-DF09-4360-8DE9-951C066C93CF", "versionEndExcluding": "3.6.26", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription()."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de inyecci\u00f3n shell en pglogical en versiones anteriores a 2.3.4 y versiones anteriores a 3.6.26. Un atacante con privilegios CREATEDB en un servidor PostgreSQL puede dise\u00f1ar un nombre de base de datos que permita una ejecuci\u00f3n de comandos de shell como usuario de postgresql cuando se llama a la funci\u00f3n pglogical.create_subscription()"}], "id": "CVE-2021-3515", "lastModified": "2024-11-21T06:21:43.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-01T14:15:10.337", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}