Test Kennung:	1.3.6.1.4.1.25623.1.0.143610
Kategorie:	Databases
Titel:	PostgreSQL < 9.4.26, 9.5.x < 9.5.21, 9.6.x < 9.6.17, 10.x < 10.12, 11.x < 11.7, 12.x < 12.2 Authorization Check Vulnerability (Linux)
Zusammenfassung:	PostgreSQL is prone to an authorization check vulnerability.
Beschreibung:	Summary: PostgreSQL is prone to an authorization check vulnerability. Vulnerability Impact: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION. Affected Software/OS: PostgreSQL versions prior to 9.4.26, 9.5.x prior to 9.5.21, 9.6.x prior to 9.6.17, 10.x prior to 10.12, 11.x prior to 11.7 and 12.x prior to 12.2. Solution: Update to version 9.4.26, 9.5.21, 9.6.17, 10.12, 11.7, 12.2 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-1720 https://www.postgresql.org/about/news/2011/ SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.