Vulnerability-Lookup

CVE-2020-25695 (GCVE-0-2020-25695)

Vulnerability from cvelistv5 – Published: 2020-11-16 00:40 – Updated: 2024-08-04 15:40

Summary

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity ?

No CVSS data available.

CWE

CWE-89

Assigner

redhat

References

5 references

URL	Tags
https://www.postgresql.org/support/security/	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1894425	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020120…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202012-07	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
n/a	postgresql	Affected: All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/support/security/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
          },
          {
            "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
          },
          {
            "name": "GLSA-202012-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-07T01:06:27.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.postgresql.org/support/security/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
        },
        {
          "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
        },
        {
          "name": "GLSA-202012-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202012-07"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.postgresql.org/support/security/",
              "refsource": "MISC",
              "url": "https://www.postgresql.org/support/security/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201202-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
            },
            {
              "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
            },
            {
              "name": "GLSA-202012-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202012-07"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25695",
    "datePublished": "2020-11-16T00:40:36.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T15:40:36.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-25695",
      "date": "2026-05-19",
      "epss": "0.23757",
      "percentile": "0.96075"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.5.24\", \"matchCriteriaId\": \"B04B9785-AF1D-46C0-BC27-14FDF62E1612\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.6.0\", \"versionEndExcluding\": \"9.6.20\", \"matchCriteriaId\": \"26E1856B-F065-4935-85A5-15743C5E6C14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"10.15\", \"matchCriteriaId\": \"6D588643-0088-463B-B31F-1721CD20C74E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.10\", \"matchCriteriaId\": \"5C9D1627-948A-40AC-8C2C-31E11EE31DF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.5\", \"matchCriteriaId\": \"811920C1-BA3A-46F6-B4DF-6F2DC8B4DCA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.1\", \"matchCriteriaId\": \"71C9C93F-E573-4AF8-80AE-5F0D3A4CAA5F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24.\u0026#xa0;Un atacante que tenga permiso para crear objetos no temporales en al menos un esquema puede ejecutar funciones SQL arbitrarias bajo la identidad de un superusuario.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\\u00ed como la disponibilidad del sistema\"}]",
      "id": "CVE-2020-25695",
      "lastModified": "2024-11-21T05:18:29.807",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-11-16T01:15:12.780",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1894425\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202012-07\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20201202-0003/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.postgresql.org/support/security/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1894425\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202012-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20201202-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.postgresql.org/support/security/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-25695\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-11-16T01:15:12.780\",\"lastModified\":\"2024-11-21T05:18:29.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24.\u0026#xa0;Un atacante que tenga permiso para crear objetos no temporales en al menos un esquema puede ejecutar funciones SQL arbitrarias bajo la identidad de un superusuario.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.5.24\",\"matchCriteriaId\":\"B04B9785-AF1D-46C0-BC27-14FDF62E1612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6.0\",\"versionEndExcluding\":\"9.6.20\",\"matchCriteriaId\":\"26E1856B-F065-4935-85A5-15743C5E6C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.15\",\"matchCriteriaId\":\"6D588643-0088-463B-B31F-1721CD20C74E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.10\",\"matchCriteriaId\":\"5C9D1627-948A-40AC-8C2C-31E11EE31DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.5\",\"matchCriteriaId\":\"811920C1-BA3A-46F6-B4DF-6F2DC8B4DCA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"71C9C93F-E573-4AF8-80AE-5F0D3A4CAA5F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1894425\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202012-07\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0003/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.postgresql.org/support/security/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1894425\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202012-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201202-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.postgresql.org/support/security/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-744

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans PostgreSQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PostgreSQL	PostgreSQL	PostgreSQL versions 10.x antérieures à 10.15
PostgreSQL	PostgreSQL	PostgreSQL versions 12.x antérieures à 12.5
PostgreSQL	PostgreSQL	PostgreSQL versions 13.x antérieures à 13.1
PostgreSQL	PostgreSQL	PostgreSQL versions 9.5.x antérieures à 9.5.24
PostgreSQL	PostgreSQL	PostgreSQL versions 11.x antérieures à 11.10
PostgreSQL	PostgreSQL	PostgreSQL versions 9.6.x antérieures à 9.6.20

References

Title

Publication Time

CERTFR-2020-AVI-744

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PostgreSQL	PostgreSQL	PostgreSQL versions 10.x antérieures à 10.15
PostgreSQL	PostgreSQL	PostgreSQL versions 12.x antérieures à 12.5
PostgreSQL	PostgreSQL	PostgreSQL versions 13.x antérieures à 13.1
PostgreSQL	PostgreSQL	PostgreSQL versions 9.5.x antérieures à 9.5.24
PostgreSQL	PostgreSQL	PostgreSQL versions 11.x antérieures à 11.10
PostgreSQL	PostgreSQL	PostgreSQL versions 9.6.x antérieures à 9.6.20

References

Title

Publication Time

alsa-2020:5620

Vulnerability from osv_almalinux

Published

2020-12-17 15:30

Modified

2020-12-17 15:30

Summary

Important: postgresql:12 security update

Details

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (12.5).

Security Fix(es):

postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)
postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)
postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)
postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)
postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-5620.html	ADVISORY
	https://vulners.com/cve/CVE-2020-14349	REPORT
	https://vulners.com/cve/CVE-2020-14350	REPORT
	https://vulners.com/cve/CVE-2020-1720	REPORT
	https://vulners.com/cve/CVE-2020-25694	REPORT
	https://vulners.com/cve/CVE-2020-25695	REPORT
	https://vulners.com/cve/CVE-2020-25696	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "postgres-decoderbufs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.0-2.module_el8.6.0+2760+1746ec94"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "postgres-decoderbufs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.0-2.module_el8.6.0+2758+4f4474df"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (12.5).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql\u0027s \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2020:5620",
  "modified": "2020-12-17T15:30:10Z",
  "published": "2020-12-17T15:30:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-5620.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14349"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14350"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-1720"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25694"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25695"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-25696"
    }
  ],
  "related": [
    "CVE-2020-25694",
    "CVE-2020-25695",
    "CVE-2020-14349",
    "CVE-2020-14350",
    "CVE-2020-25696",
    "CVE-2020-1720"
  ],
  "summary": "Important: postgresql:12 security update"
}

BDU:2020-05465

Vulnerability from fstec - Published: 12.11.2020

Title

Уязвимость компонента core server системы управления базами данных PostgreSQL, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных

Description

Уязвимость компонента core server системы управления базами данных PostgreSQL связана с недостаточной защитой структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать влияние на целостность, доступность и конфиденциальность данных

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Red Hat Inc., ООО «Ред Софт», PostgreSQL Global Development Group, АО «Концерн ВНИИНС», АО «ИВК», IBM Corp., АО "НППКТ", Postgres Professional

Software Name

Debian GNU/Linux, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Red Hat Enterprise Linux, РЕД ОС (запись в едином реестре российских программ №3751), Red Hat Software Collections, PostgreSQL, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305), IBM Security Access Manager, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Postgres Pro Certified (запись в едином реестре российских программ №104)

Software Version

9 (Debian GNU/Linux), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 7.2 Муром (РЕД ОС), - (Red Hat Software Collections), до 9.5.24 (PostgreSQL), от 9.6.0 до 9.6.20 (PostgreSQL), от 10.0 до 10.15 (PostgreSQL), от 11.0 до 11.10 (PostgreSQL), от 12.0 до 12.5 (PostgreSQL), от 13.0 до 13.1 (PostgreSQL), 1.0 (ОС ОН «Стрелец»), - (Альт 8 СП), до 9.0.7.2-ISS-ISAM-IF0003 (IBM Security Access Manager), до 2.3 (ОСОН ОСнова Оnyx), до 11.11.1 (Postgres Pro Certified), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для PostgreSQL: https://www.postgresql.org/support/security/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-25695 Для Postgres Pro Certified: https://postgrespro.ru/products/postgrespro/certified Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html Для программных продуктов IBM Corp.: https://www.ibm.com/support/pages/node/6502211 Для Astra Linux: Обновление программного обеспечения (пакета postgresql-9.6) до 9.6.20-0+deb9u1 или более поздней версии При невозможности выполнить обновление в качестве обходного пути можно отключить autovacuum и не запускать вручную операции ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL и REFRESH MATERIALIZED VIEW, а также не выполнять восстановление БД на основе вывода команды pg_dump. Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie Для ОСОН Основа: Обновление программного обеспечения postgresql-11 до версии 11.13+repack1-1.pgdg100+1+osnova2 Для ОС ОН «Стрелец»: Обновление программного обеспечения postgresql-9.6 до версии 9.6.24+repack1-1.pgdg90+1 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://access.redhat.com/security/cve/cve-2020-25695 https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie https://www.postgresql.org/support/security/ https://www.ibm.com/support/pages/node/6502211 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.3/ https://postgrespro.ru/products/postgrespro/certified https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-89

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, PostgreSQL Global Development Group, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Postgres Professional",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Red Hat Enterprise Linux), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), - (Red Hat Software Collections), \u0434\u043e 9.5.24 (PostgreSQL), \u043e\u0442 9.6.0 \u0434\u043e 9.6.20 (PostgreSQL), \u043e\u0442 10.0 \u0434\u043e 10.15 (PostgreSQL), \u043e\u0442 11.0 \u0434\u043e 11.10 (PostgreSQL), \u043e\u0442 12.0 \u0434\u043e 12.5 (PostgreSQL), \u043e\u0442 13.0 \u0434\u043e 13.1 (PostgreSQL), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 9.0.7.2-ISS-ISAM-IF0003 (IBM Security Access Manager), \u0434\u043e 2.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 11.11.1 (Postgres Pro Certified), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f PostgreSQL:\nhttps://www.postgresql.org/support/security/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-25695\n\n\u0414\u043b\u044f Postgres Pro Certified:\nhttps://postgrespro.ru/products/postgrespro/certified\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6502211\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 postgresql-9.6) \u0434\u043e 9.6.20-0+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u041f\u0440\u0438 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c autovacuum \u0438 \u043d\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL \u0438 REFRESH MATERIALIZED VIEW, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0411\u0414 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0432\u044b\u0432\u043e\u0434\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u044b pg_dump.\n\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f postgresql-11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 11.13+repack1-1.pgdg100+1+osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f postgresql-9.6 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.6.24+repack1-1.pgdg90+1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-05465",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-25695",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Enterprise Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Software Collections, PostgreSQL, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), IBM Security Access Manager, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Postgres Pro Certified (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116104)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 core server \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL (\u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430 \\\"\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435  SQL\\\") (CWE-89)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 core server \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2020-25695\nhttps://lists.debian.org/debian-lts-announce/2020/12/msg00005.html\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://www.postgresql.org/support/security/\nhttps://www.ibm.com/support/pages/node/6502211\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.3/\nhttps://postgrespro.ru/products/postgrespro/certified\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-89",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

bit-postgresql-2020-25695

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:06

Modified

2025-04-03 14:40

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "postgresql",
        "purl": "pkg:bitnami/postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.5.24"
            },
            {
              "introduced": "9.6.0"
            },
            {
              "fixed": "9.6.20"
            },
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.15.0"
            },
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.10.0"
            },
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.5.0"
            },
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.1.0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-25695"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "BIT-postgresql-2020-25695",
  "modified": "2025-04-03T14:40:37.652Z",
  "published": "2024-03-06T11:06:03.395Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-07"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/support/security/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
    }
  ],
  "schema_version": "1.5.0"
}

cleanstart-2026-fw42039

Vulnerability from cleanstart

Published

2026-01-30 17:19

Modified

2026-01-29 18:58

Summary

vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT

Details

Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2017-15098	WEB
	https://osv.dev/vulnerability/CVE-2017-15099	WEB
	https://osv.dev/vulnerability/CVE-2017-7484	WEB
	https://osv.dev/vulnerability/CVE-2017-7485	WEB
	https://osv.dev/vulnerability/CVE-2017-7486	WEB
	https://osv.dev/vulnerability/CVE-2017-7546	WEB
	https://osv.dev/vulnerability/CVE-2017-7547	WEB
	https://osv.dev/vulnerability/CVE-2017-7548	WEB
	https://osv.dev/vulnerability/CVE-2018-1052	WEB
	https://osv.dev/vulnerability/CVE-2018-1058	WEB
	https://osv.dev/vulnerability/CVE-2018-16850	WEB
	https://osv.dev/vulnerability/CVE-2019-10129	WEB
	https://osv.dev/vulnerability/CVE-2019-10130	WEB
	https://osv.dev/vulnerability/CVE-2019-10208	WEB
	https://osv.dev/vulnerability/CVE-2019-10209	WEB
	https://osv.dev/vulnerability/CVE-2020-14349	WEB
	https://osv.dev/vulnerability/CVE-2020-14350	WEB
	https://osv.dev/vulnerability/CVE-2020-25694	WEB
	https://osv.dev/vulnerability/CVE-2020-25695	WEB
	https://osv.dev/vulnerability/CVE-2020-25696	WEB
	https://osv.dev/vulnerability/CVE-2021-20229	WEB
	https://osv.dev/vulnerability/CVE-2021-23214	WEB
	https://osv.dev/vulnerability/CVE-2021-32027	WEB
	https://osv.dev/vulnerability/CVE-2021-32028	WEB
	https://osv.dev/vulnerability/CVE-2021-32029	WEB
	https://osv.dev/vulnerability/CVE-2021-3393	WEB
	https://osv.dev/vulnerability/CVE-2021-3677	WEB
	https://osv.dev/vulnerability/CVE-2022-2625	WEB
	https://osv.dev/vulnerability/CVE-2022-41862	WEB
	https://osv.dev/vulnerability/CVE-2023-2454	WEB
	https://osv.dev/vulnerability/CVE-2023-2455	WEB
	https://osv.dev/vulnerability/CVE-2023-39418	WEB
	https://osv.dev/vulnerability/CVE-2023-5870	WEB
	https://osv.dev/vulnerability/CVE-2024-7348	WEB
	https://osv.dev/vulnerability/CVE-2025-51476	WEB
	https://osv.dev/vulnerability/CVE-2025-51477	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-15098	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-15099	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7484	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7485	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7486	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7546	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7547	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7548	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-1052	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-1058	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-16850	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10129	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10130	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10208	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10209	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14349	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14350	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25694	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25695	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25696	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-20229	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-23214	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32027	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32028	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32029	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-3393	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-3677	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-2625	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41862	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2455	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-39418	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-5870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7348	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-51476	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-51477	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.6.4-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FW42039",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T17:19:56.954092Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FW42039"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-15098"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-15099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7484"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7485"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7486"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7546"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7547"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7548"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1052"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1058"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-16850"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10130"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10208"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10209"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14349"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14350"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25694"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25695"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25696"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-20229"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-23214"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32027"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32028"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32029"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-3393"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-3677"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-2625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41862"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2455"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-39418"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-5870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7348"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-51476"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-51477"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15098"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7484"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7485"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7486"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7546"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7547"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7548"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1052"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16850"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10208"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10209"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14349"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14350"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25694"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25696"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20229"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32027"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32028"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32029"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3393"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3677"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41862"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7348"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51476"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51477"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT",
  "upstream": [
    "CVE-2017-15098",
    "CVE-2017-15099",
    "CVE-2017-7484",
    "CVE-2017-7485",
    "CVE-2017-7486",
    "CVE-2017-7546",
    "CVE-2017-7547",
    "CVE-2017-7548",
    "CVE-2018-1052",
    "CVE-2018-1058",
    "CVE-2018-16850",
    "CVE-2019-10129",
    "CVE-2019-10130",
    "CVE-2019-10208",
    "CVE-2019-10209",
    "CVE-2020-14349",
    "CVE-2020-14350",
    "CVE-2020-25694",
    "CVE-2020-25695",
    "CVE-2020-25696",
    "CVE-2021-20229",
    "CVE-2021-23214",
    "CVE-2021-32027",
    "CVE-2021-32028",
    "CVE-2021-32029",
    "CVE-2021-3393",
    "CVE-2021-3677",
    "CVE-2022-2625",
    "CVE-2022-41862",
    "CVE-2023-2454",
    "CVE-2023-2455",
    "CVE-2023-39418",
    "CVE-2023-5870",
    "CVE-2024-7348",
    "CVE-2025-51476",
    "CVE-2025-51477"
  ]
}

cleanstart-2026-hj04971

Vulnerability from cleanstart

Published

2026-01-30 17:21

Modified

2026-01-29 18:58

Summary

vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT

Details

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2017-15098	WEB
	https://osv.dev/vulnerability/CVE-2017-15099	WEB
	https://osv.dev/vulnerability/CVE-2017-7484	WEB
	https://osv.dev/vulnerability/CVE-2017-7485	WEB
	https://osv.dev/vulnerability/CVE-2017-7486	WEB
	https://osv.dev/vulnerability/CVE-2017-7546	WEB
	https://osv.dev/vulnerability/CVE-2017-7547	WEB
	https://osv.dev/vulnerability/CVE-2017-7548	WEB
	https://osv.dev/vulnerability/CVE-2018-1052	WEB
	https://osv.dev/vulnerability/CVE-2018-1058	WEB
	https://osv.dev/vulnerability/CVE-2018-16850	WEB
	https://osv.dev/vulnerability/CVE-2019-10129	WEB
	https://osv.dev/vulnerability/CVE-2019-10130	WEB
	https://osv.dev/vulnerability/CVE-2019-10208	WEB
	https://osv.dev/vulnerability/CVE-2019-10209	WEB
	https://osv.dev/vulnerability/CVE-2020-14349	WEB
	https://osv.dev/vulnerability/CVE-2020-14350	WEB
	https://osv.dev/vulnerability/CVE-2020-25694	WEB
	https://osv.dev/vulnerability/CVE-2020-25695	WEB
	https://osv.dev/vulnerability/CVE-2020-25696	WEB
	https://osv.dev/vulnerability/CVE-2021-20229	WEB
	https://osv.dev/vulnerability/CVE-2021-23214	WEB
	https://osv.dev/vulnerability/CVE-2021-32027	WEB
	https://osv.dev/vulnerability/CVE-2021-32028	WEB
	https://osv.dev/vulnerability/CVE-2021-32029	WEB
	https://osv.dev/vulnerability/CVE-2021-3393	WEB
	https://osv.dev/vulnerability/CVE-2021-3677	WEB
	https://osv.dev/vulnerability/CVE-2022-2625	WEB
	https://osv.dev/vulnerability/CVE-2022-41862	WEB
	https://osv.dev/vulnerability/CVE-2023-2454	WEB
	https://osv.dev/vulnerability/CVE-2023-2455	WEB
	https://osv.dev/vulnerability/CVE-2023-39418	WEB
	https://osv.dev/vulnerability/CVE-2023-5870	WEB
	https://osv.dev/vulnerability/CVE-2024-7348	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-15098	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-15099	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7484	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7485	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7486	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7546	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7547	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-7548	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-1052	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-1058	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-16850	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10129	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10130	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10208	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10209	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14349	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14350	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25694	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25695	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-25696	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-20229	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-23214	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32027	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32028	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32029	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-3393	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-3677	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-2625	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41862	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2455	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-39418	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-5870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7348	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.6.4-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-HJ04971",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T17:21:56.808972Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HJ04971"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-15098"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-15099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7484"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7485"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7486"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7546"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7547"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-7548"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1052"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1058"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-16850"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10130"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10208"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10209"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14349"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14350"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25694"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25695"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-25696"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-20229"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-23214"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32027"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32028"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32029"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-3393"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-3677"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-2625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41862"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2455"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-39418"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-5870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7348"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15098"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7484"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7485"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7486"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7546"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7547"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7548"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1052"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1058"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16850"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10129"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10130"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10208"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10209"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14349"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14350"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25694"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25696"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20229"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32027"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32028"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32029"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3393"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3677"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41862"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2455"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39418"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7348"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT",
  "upstream": [
    "CVE-2017-15098",
    "CVE-2017-15099",
    "CVE-2017-7484",
    "CVE-2017-7485",
    "CVE-2017-7486",
    "CVE-2017-7546",
    "CVE-2017-7547",
    "CVE-2017-7548",
    "CVE-2018-1052",
    "CVE-2018-1058",
    "CVE-2018-16850",
    "CVE-2019-10129",
    "CVE-2019-10130",
    "CVE-2019-10208",
    "CVE-2019-10209",
    "CVE-2020-14349",
    "CVE-2020-14350",
    "CVE-2020-25694",
    "CVE-2020-25695",
    "CVE-2020-25696",
    "CVE-2021-20229",
    "CVE-2021-23214",
    "CVE-2021-32027",
    "CVE-2021-32028",
    "CVE-2021-32029",
    "CVE-2021-3393",
    "CVE-2021-3677",
    "CVE-2022-2625",
    "CVE-2022-41862",
    "CVE-2023-2454",
    "CVE-2023-2455",
    "CVE-2023-39418",
    "CVE-2023-5870",
    "CVE-2024-7348"
  ]
}

FKIE_CVE-2020-25695

Vulnerability from fkie_nvd - Published: 2020-11-16 01:15 - Updated: 2024-11-21 05:18

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1894425	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202012-07	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20201202-0003/	Third Party Advisory
secalert@redhat.com	https://www.postgresql.org/support/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1894425	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202012-07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20201202-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.postgresql.org/support/security/	Vendor Advisory

Impacted products

Vendor	Product	Version
postgresql	postgresql	*
postgresql	postgresql	*
postgresql	postgresql	*
postgresql	postgresql	*
postgresql	postgresql	*
postgresql	postgresql	*
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04B9785-AF1D-46C0-BC27-14FDF62E1612",
              "versionEndExcluding": "9.5.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E1856B-F065-4935-85A5-15743C5E6C14",
              "versionEndExcluding": "9.6.20",
              "versionStartIncluding": "9.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D588643-0088-463B-B31F-1721CD20C74E",
              "versionEndExcluding": "10.15",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9D1627-948A-40AC-8C2C-31E11EE31DF9",
              "versionEndExcluding": "11.10",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "811920C1-BA3A-46F6-B4DF-6F2DC8B4DCA4",
              "versionEndExcluding": "12.5",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71C9C93F-E573-4AF8-80AE-5F0D3A4CAA5F",
              "versionEndExcluding": "13.1",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en PostgreSQL versiones anteriores a 13.1, anteriores a 12.5, anteriores a 11.10, anteriores a 10.15, anteriores a 9.6.20 y anteriores a 9.5.24.\u0026#xa0;Un atacante que tenga permiso para crear objetos no temporales en al menos un esquema puede ejecutar funciones SQL arbitrarias bajo la identidad de un superusuario.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2020-25695",
  "lastModified": "2024-11-21T05:18:29.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-16T01:15:12.780",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202012-07"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.postgresql.org/support/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202012-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.postgresql.org/support/security/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-XGXP-9X8P-GCW4

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2022-06-06 18:35

Summary

SQL Injection

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-25695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-16T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-xgxp-9x8p-gcw4",
  "modified": "2022-06-06T18:35:18Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25695"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-07"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201202-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/support/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SQL Injection"
}

GSD-2020-25695

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-25695

Aliases

CVE-2020-25695

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-25695",
    "description": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
    "id": "GSD-2020-25695",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-25695.html",
      "https://access.redhat.com/errata/RHSA-2021:1512",
      "https://access.redhat.com/errata/RHSA-2021:0167",
      "https://access.redhat.com/errata/RHSA-2021:0166",
      "https://access.redhat.com/errata/RHSA-2021:0164",
      "https://access.redhat.com/errata/RHSA-2021:0163",
      "https://access.redhat.com/errata/RHSA-2021:0161",
      "https://access.redhat.com/errata/RHSA-2020:5664",
      "https://access.redhat.com/errata/RHSA-2020:5661",
      "https://access.redhat.com/errata/RHSA-2020:5620",
      "https://access.redhat.com/errata/RHSA-2020:5619",
      "https://access.redhat.com/errata/RHSA-2020:5567",
      "https://access.redhat.com/errata/RHSA-2020:5317",
      "https://access.redhat.com/errata/RHSA-2020:5316",
      "https://ubuntu.com/security/CVE-2020-25695",
      "https://advisories.mageia.org/CVE-2020-25695.html",
      "https://security.archlinux.org/CVE-2020-25695",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-25695.html",
      "https://linux.oracle.com/cve/CVE-2020-25695.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-25695"
      ],
      "details": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
      "id": "GSD-2020-25695",
      "modified": "2023-12-13T01:21:56.688408Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-25695",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "postgresql",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.postgresql.org/support/security/",
            "refsource": "MISC",
            "url": "https://www.postgresql.org/support/security/"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20201202-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
          },
          {
            "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
          },
          {
            "name": "GLSA-202012-07",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202012-07"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.5.24",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.6.20",
                "versionStartIncluding": "9.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15",
                "versionStartIncluding": "10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.10",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25695"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.postgresql.org/support/security/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.postgresql.org/support/security/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894425"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201202-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20201202-0003/"
            },
            {
              "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2478-1] postgresql-9.6 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html"
            },
            {
              "name": "GLSA-202012-07",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202012-07"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-19T15:01Z",
      "publishedDate": "2020-11-16T01:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-25695 (GCVE-0-2020-25695)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature