CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-1552	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2081126	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/202211-04	Third Party Advisory
https://security.netapp.com/advisory/ntap-20221104-0005/	Third Party Advisory
https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/	Vendor Advisory
https://www.postgresql.org/support/security/CVE-2022-1552/	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-1552	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2081126	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/202211-04	Third Party Advisory
https://security.netapp.com/advisory/ntap-20221104-0005/	Third Party Advisory
https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/	Vendor Advisory
https://www.postgresql.org/support/security/CVE-2022-1552/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

History

21 Nov 2024, 06:40

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2022-1552 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2022-1552 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2081126 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2081126 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://security.gentoo.org/glsa/202211-04 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202211-04 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20221104-0005/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20221104-0005/ - Third Party Advisory
References	~~() https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ - Vendor Advisory~~	() https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ - Vendor Advisory
References	~~() https://www.postgresql.org/support/security/CVE-2022-1552/ - Vendor Advisory~~	() https://www.postgresql.org/support/security/CVE-2022-1552/ - Vendor Advisory

22 Nov 2022, 06:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202211-04 -

04 Nov 2022, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-89 CWE-459
CPE		cpe:2.3:a:postgresql:postgresql::::::::
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20221104-0005/ -
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2081126 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2081126 - Issue Tracking, Patch, Third Party Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2022-1552 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2022-1552 - Third Party Advisory
References	~~(MISC) https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ -~~	(MISC) https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ - Vendor Advisory
References	~~(MISC) https://www.postgresql.org/support/security/CVE-2022-1552/ -~~	(MISC) https://www.postgresql.org/support/security/CVE-2022-1552/ - Vendor Advisory

31 Aug 2022, 16:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-31 16:15

Updated : 2024-11-21 06:40

NVD link : CVE-2022-1552

Mitre link : CVE-2022-1552

CVE.ORG link : CVE-2022-1552

JSON object : View

Products Affected

postgresql

postgresql

CWE

CWE-459

Incomplete Cleanup

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2022-1552", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-31T16:15:09.867", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-1552", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081126", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202211-04", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20221104-0005/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/support/security/CVE-2022-1552/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-1552", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081126", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202211-04", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20221104-0005/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.postgresql.org/support/security/CVE-2022-1552/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-459"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity."}, {"lang": "es", "value": "Se ha encontrado un fallo en PostgreSQL. Se presenta un problema de esfuerzos incompletos para operar de forma segura cuando un usuario privilegiado est\u00e1 manteniendo los objetos de otro usuario. Los comandos Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER y pg_amcheck activan las protecciones pertinentes demasiado tarde o no las activan en absoluto durante el proceso. Este fallo permite a un atacante con permiso para crear objetos no temporales en al menos un esquema ejecutar funciones SQL arbitrarias bajo una identidad de superusuario"}], "lastModified": "2024-11-21T06:40:57.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945184E6-C7C7-418B-9564-6E9AC65E6AA1", "versionEndExcluding": "10.21", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2130BFD8-44EA-40CD-B7BB-3760FA5C23AD", "versionEndExcluding": "11.16", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA4533E2-D0BE-4A74-8AB8-28AB2E7960F3", "versionEndExcluding": "12.11", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C81AE0B-D26A-41DF-AFD2-12B86BF43A1C", "versionEndExcluding": "13.7", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C7AC71-730A-489A-85D5-DFBCAE00B2C0", "versionEndExcluding": "14.3", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

8.8 /10