CVE-2023-39417 - Vulnerability Details

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Debian	Debian Linux
Postgresql	Postgresql
Redhat	Advanced Cluster Security Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Software Collections Rhel Tus Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

Configuration 2 [-]

OR	cpe:2.3:a:redhat:software_collections:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.2
advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
Red Hat Enterprise Linux 8
postgresql:13-8090020231114113712.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7581	2023-11-29T00:00:00Z
postgresql:12-8090020231128173330.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7714	2023-12-11T00:00:00Z
postgresql:15-8090020231114113548.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7884	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:13-8060020231114115246.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7580	2023-11-29T00:00:00Z
postgresql:12-8060020231128165328.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7666	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:13-8080020231114105206.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7579	2023-11-29T00:00:00Z
postgresql:12-8080020231128165335.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7656	2023-12-05T00:00:00Z
postgresql:15-8080020231113134015.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7883	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-0:13.13-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7784	2023-12-13T00:00:00Z
postgresql:15-9030020231120082734.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7785	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.13-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:7545	2023-11-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.13-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7616	2023-11-30T00:00:00Z
postgresql:15-9020020231115020618.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7885	2023-12-20T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql12-postgresql-0:12.17-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7770	2023-12-13T00:00:00Z
rh-postgresql13-postgresql-0:13.13-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7772	2023-12-13T00:00:00Z
RHACS-3.74-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:3.74.8-7	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
RHACS-4.1-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-39417
https://bugzilla.redhat.com/show_bug.cgi?id=2228111
https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
https://nvd.nist.gov/vuln/detail/CVE-2023-39417
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.cve.org/CVERecord?id=CVE-2023-39417
https://www.debian.org/security/2023/dsa-5553
https://www.debian.org/security/2023/dsa-5554
https://www.postgresql.org/support/security/CVE-2023-39417

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html https://security.netapp.com/advisory/ntap-20230915-0002/ https://www.debian.org/security/2023/dsa-5553 https://www.debian.org/security/2023/dsa-5554

Fri, 15 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html https://security.netapp.com/advisory/ntap-20230915-0002/ https://www.debian.org/security/2023/dsa-5553 https://www.debian.org/security/2023/dsa-5554
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-08-11T12:19:15.108Z

Updated: 2024-12-23T05:37:46.065Z

Reserved: 2023-08-01T09:31:02.842Z

Link: CVE-2023-39417

Vulnrichment

Updated: 2024-08-02T18:10:20.829Z

NVD

Status : Modified

Published: 2023-08-11T13:15:09.870

Modified: 2024-11-21T08:15:22.817

Link: CVE-2023-39417

Redhat

Severity : Moderate

Publid Date: 2023-08-10T00:00:00Z

Links: CVE-2023-39417 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39417", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-08-01T09:31:02.842Z", "datePublished": "2023-08-11T12:19:15.108Z", "dateUpdated": "2024-12-23T05:37:46.065Z"}, "containers": {"cna": {"title": "Postgresql: extension script @substitutions@ within quoting allow sql injection", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql12-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql13-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "3.74.8-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql10-postgresql", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhel_software_collections:3"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-39417", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111", "name": "RHBZ#2228111", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-39417"}], "datePublic": "2023-08-10T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "timeline": [{"lang": "en", "time": "2023-08-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-08-10T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-23T05:37:46.065Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T15:28:16.003937Z", "id": "CVE-2023-39417", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T15:28:30.775Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.829Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-39417", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111", "name": "RHBZ#2228111", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0002/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5553", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5554", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-39417", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-39417", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111", "name": "RHBZ#2228111", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0002/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5553", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5554", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-39417", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.829Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39417", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-26T15:28:16.003937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T15:28:24.333Z"}}], "cna": {"title": "Postgresql: extension script @substitutions@ within quoting allow sql injection", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"], "vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-postgresql12-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"], "vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-postgresql13-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "postgresql:10/postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3"], "vendor": "Red Hat", "product": "Red Hat Software Collections", "packageName": "rh-postgresql10-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-08-01T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-08-10T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-08-10T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-39417", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111", "name": "RHBZ#2228111", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-39417"}], "descriptions": [{"lang": "en", "value": "IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-12-23T05:37:46.065Z"}, "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}}, "cveMetadata": {"cveId": "CVE-2023-39417", "state": "PUBLISHED", "dateUpdated": "2024-12-23T05:37:46.065Z", "dateReserved": "2023-08-01T09:31:02.842Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-08-11T12:19:15.108Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CC0BE5-F14A-4614-85B3-6DCF9E80FA26", "versionEndExcluding": "11.21", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "2330AEB8-C50A-407C-B066-74274F0C97AC", "versionEndExcluding": "12.16", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "113134BB-A944-4613-A1BC-576D5965B08A", "versionEndExcluding": "13.12", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB3BC449-642E-433D-92F1-53BDD99A33A9", "versionEndExcluding": "14.9", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "3263C456-8C2D-4069-AE64-8B55212B45DD", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser."}, {"lang": "es", "value": "EN EL SCRIPT DE EXTENSI\u00d3N, se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en PostgreSQL si usa @extowner@, @extschema@ o @extschema:...@ dentro de una construcci\u00f3n de cotizaci\u00f3n (cotizaci\u00f3n en d\u00f3lares, '' o \"\"). Si un administrador ha instalado archivos de una extensi\u00f3n vulnerable, de confianza y no empaquetada, un atacante con privilegios CREATE de nivel de base de datos puede ejecutar c\u00f3digo arbitrario como superusuario de arranque."}], "id": "CVE-2023-39417", "lastModified": "2024-11-21T08:15:22.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-11T13:15:09.870", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-39417"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-39417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-39417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230915-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-39417"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2023:7581", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:13-8090020231114113712.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7714", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8090020231128173330.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7884", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:15-8090020231114113548.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7580", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:13-8060020231114115246.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7666", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:12-8060020231128165328.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7579", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:13-8080020231114105206.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7656", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:12-8080020231128165335.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7883", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:15-8080020231113134015.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7784", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-0:13.13-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7785", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql:15-9030020231120082734.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7545", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-0:13.13-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7616", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-0:13.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-11-30T00:00:00Z"}, {"advisory": "RHSA-2023:7885", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql:15-9020020231115020618.rhel9", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7770", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.17-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7772", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql13-postgresql-0:13.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:3.74.8-7", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}], "bugzilla": {"description": "postgresql: extension script @substitutions@ within quoting allow SQL injection", "id": "2228111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228111"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.", "IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or \"\"). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser."], "name": "CVE-2023-39417", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql:10/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-postgresql10-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2023-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-39417\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-39417\nhttps://www.postgresql.org/support/security/CVE-2023-39417"], "statement": "Bundled extensions are not vulnerable. Also, PostgreSQL will block this attack in the core server, so there's no need to modify individual extensions.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object