FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes

Affected packages
postgresql-server < 15.3
postgresql-server < 14.8
postgresql-server < 13.11
postgresql-server < 12.15
postgresql-server < 11.20

Details

VuXML ID fbb5a260-f00f-11ed-bbae-6cc21735f730
Discovery 2023-05-11
Entry 2023-05-11

PostgreSQL Project reports:

This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.
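A defender-side check for the exposure described above, added here as an example and not part of the VuXML entry or the PostgreSQL report. The first query compares the running server with the fixed minor releases listed under "Affected packages", and the second lists the non-superuser roles that hold database-level CREATE, whether as owner or through a grant. It assumes a session that can read `pg_database` and `pg_roles`.

```sql
-- Added example, not from the advisory. Run with psql against the cluster.

-- 1. Is the server older than the fixed minor release for its major version?
--    Thresholds are the versions listed under "Affected packages".
--    NULL means the running major version is not listed on this page.
WITH v AS (
    SELECT current_setting('server_version_num')::int AS num
)
SELECT current_setting('server_version') AS server_version,
       CASE num / 10000
           WHEN 15 THEN num < 150003   -- fixed in 15.3
           WHEN 14 THEN num < 140008   -- fixed in 14.8
           WHEN 13 THEN num < 130011   -- fixed in 13.11
           WHEN 12 THEN num < 120015   -- fixed in 12.15
           WHEN 11 THEN num < 110020   -- fixed in 11.20
       END AS older_than_listed_fix
FROM v;

-- 2. Non-superuser roles with database-level CREATE on a connectable database.
--    has_database_privilege() also counts privileges reached through role
--    membership and grants to PUBLIC, so indirect holders are listed too.
SELECT d.datname,
       r.rolname,
       (d.datdba = r.oid) AS is_owner,   -- owners hold CREATE by default
       r.rolcanlogin      AS can_login
FROM pg_database AS d
CROSS JOIN pg_roles AS r
WHERE d.datallowconn
  AND NOT r.rolsuper
  AND has_database_privilege(r.oid, d.oid, 'CREATE')
ORDER BY d.datname, is_owner DESC, r.rolname;
```

On a server the first query flags, each row of the second is a role holding the privilege the report names.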

References

CVE Name CVE-2023-2454
URL https://www.postgresql.org/support/security/CVE-2023-2454/