CVE-2020-10733
Description
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.249
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 9.5.22 | Windows |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 9.6.18 | Windows |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 10.13 | Windows |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 11.8 | Windows |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 12.3 | Windows |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 12.3 | Windows |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 11.8 | Windows |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 10.13 | Windows |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 9.6.18 | Windows |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 9.5.22 | Windows |
| Vulnerabilities CVE-2020-10733,CVE-2020-21469 are affected in Postgresql 12.2 | Windows |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 9.5.22 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 9.6.18 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 10.13 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 11.8 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 Announcement are fixed in Postgresql 12.3 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 12.3 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 11.8 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 10.13 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 9.6.18 (For Linux) | Linux |
| Vulnerabilities CVE-2020-10733 are fixed in PostgreSQL 9.5.22 (For Linux) | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234