CVE-2020-14350

Description

Several PostgreSQL extensions did not use search_path safely in their installation and update scripts: the scripts referenced functions, operators and types without schema-qualifying them. An attacker with sufficient privileges, in practice the ability to create objects in a schema the script resolves names against (such as the extension's target schema), can plant look-alike objects that the script executes when an administrator, typically a superuser, runs CREATE EXTENSION or ALTER EXTENSION ... UPDATE for the affected extension. The planted code then runs with the administrator's privileges. This affects PostgreSQL versions before 12.4, 11.9, 10.14, 9.6.19 and 9.5.23; the fix is in those minor releases.
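The hazard described above, as an added example written for this page (it is not code from the PostgreSQL project or from any real contrib module): a hypothetical extension script in its vulnerable and hardened forms, preceded by a query that maps the server's version onto the fixed releases listed here. The role name lowpriv, the table ext_codes and the function ext_normalize are assumptions. The script's statements are run by hand rather than through CREATE EXTENSION, so the resolution hazard shows on any server version; what the fixed releases changed is the contrib scripts themselves.

```sql
-- Added example, not code from the PostgreSQL project or from this advisory.
-- Hypothetical extension objects (ext_codes, ext_normalize) and role (lowpriv)
-- are assumptions. Run as a superuser on a scratch database.

-- 0. Is this server in an affected range? server_version_num encodes 9.5.23 as
--    90523, 9.6.19 as 90619 and 10.14 / 11.9 / 12.4 as 100014 / 110009 / 120004.
SELECT v,
       CASE
         WHEN v BETWEEN  90500 AND  90522 THEN 'affected: upgrade to 9.5.23 or later'
         WHEN v BETWEEN  90600 AND  90618 THEN 'affected: upgrade to 9.6.19 or later'
         WHEN v BETWEEN 100000 AND 100013 THEN 'affected: upgrade to 10.14 or later'
         WHEN v BETWEEN 110000 AND 110008 THEN 'affected: upgrade to 11.9 or later'
         WHEN v BETWEEN 120000 AND 120003 THEN 'affected: upgrade to 12.4 or later'
         ELSE 'outside the listed ranges (fixed release, or an end-of-life branch)'
       END AS cve_2020_14350
FROM (SELECT current_setting('server_version_num')::int AS v) s;

-- 1. "Sufficient privileges": a role that may CREATE in the schema the script
--    resolves names against. Before PostgreSQL 15 every role had CREATE on public.
CREATE ROLE lowpriv LOGIN;
GRANT CREATE ON SCHEMA public TO lowpriv;

-- 2. The attacker plants a look-alike of a built-in. For a varchar argument,
--    public.lower(varchar) is an exact type match and is chosen over
--    pg_catalog.lower(text), which needs a cast; pg_catalog only wins ties
--    between identical signatures.
SET ROLE lowpriv;
CREATE FUNCTION public.lower(varchar) RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
  RAISE NOTICE 'search_path hijack: running as %', current_user;
  -- a real payload would GRANT or ALTER ROLE here; this one only logs
  RETURN pg_catalog.lower($1::text);
END $$;
RESET ROLE;

-- 3. VULNERABLE install script, run as the installing superuser with the
--    extension's target schema (public) in search_path. Seeding a table at
--    install time with an unqualified lower(c) executes the attacker's function.
SET search_path = public;
CREATE TABLE ext_codes (code text PRIMARY KEY);
INSERT INTO ext_codes
  SELECT lower(c) FROM (VALUES ('ALPHA'::varchar), ('BETA'::varchar)) v(c);
-- NOTICE:  search_path hijack: running as <installing superuser>   (once per row)

-- 4. HARDENED install script: every reference schema-qualified (a real script
--    would write @extschema@.ext_codes), and any function the extension
--    defines pins its own search_path so later calls cannot be hijacked either.
DROP TABLE ext_codes;
CREATE TABLE public.ext_codes (code pg_catalog.text PRIMARY KEY);
INSERT INTO public.ext_codes
  SELECT pg_catalog.lower(c)
  FROM (VALUES ('ALPHA'::pg_catalog.varchar), ('BETA'::pg_catalog.varchar)) v(c);
CREATE FUNCTION public.ext_normalize(pg_catalog.varchar) RETURNS pg_catalog.text
LANGUAGE sql STRICT
SET search_path = pg_catalog, pg_temp
AS $$ SELECT pg_catalog.lower($1::pg_catalog.text) $$;
-- no NOTICE this time: public.lower(varchar) is never a candidate

-- 5. Clean-up
DROP FUNCTION public.ext_normalize(pg_catalog.varchar);
DROP TABLE public.ext_codes;
DROP FUNCTION public.lower(varchar);
DROP ROLE lowpriv;
```

The precedence rule in step 2 is what makes the attack work without the attacker shadowing pg_catalog: function resolution first looks for an exact argument-type match among all visible candidates, and only falls back to casting afterwards. Qualifying every reference with pg_catalog. or @extschema@ removes the attacker's schema from consideration entirely, and SET search_path = pg_catalog, pg_temp on extension-defined functions is the same measure the project recommends for SECURITY DEFINER functions.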

Risk Information

Base Score: 7.3
Severity: MODERATE (as labelled here; on the CVSS v3.1 qualitative scale a 7.3 base score falls in the High band)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (local access, low privileges required, user interaction required: the administrator must run the extension install or update; full impact on confidentiality, integrity and availability)
EPSS Score (exploitation probability): 0.03

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-14350 Announcement are fixed in Postgresql 9.5.23 | Windows
Vulnerabilities CVE-2020-14350 Announcement are fixed in Postgresql 9.6.19 | Windows
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 10.14 | Windows
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 11.9 | Windows
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 12.4 | Windows
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 12.4 | Windows
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 11.9 | Windows
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 10.14 | Windows
Vulnerabilities CVE-2020-14350 are fixed in PostgreSQL 9.6.19 | Windows
Vulnerabilities CVE-2020-14350 are fixed in PostgreSQL 9.5.23 | Windows
Object-relational SQL database (USN-4472-1) postgresql-10_10.14-0ubuntu0.18.04.1_i386.deb | Linux
Object-relational SQL database (USN-4472-1) postgresql-10_10.14-0ubuntu0.18.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4472-1) postgresql-12_12.4-0ubuntu0.20.04.1_i386.deb | Linux
Object-relational SQL database (USN-4472-1) postgresql-12_12.4-0ubuntu0.20.04.1_amd64.deb | Linux
Object-relational SQL database (USN-4472-1) postgresql-9.5_9.5.23-0ubuntu0.16.04.1_i386.deb | Linux
Object-relational SQL database (USN-4472-1) postgresql-9.5_9.5.23-0ubuntu0.16.04.1_amd64.deb | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libecpg6-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libecpg6-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-32bit-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) libpq5-debuginfo-32bit-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-contrib-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-contrib-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-debugsource-12.5-3.9.1.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-debugsource-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-docs-12.5-3.9.3.noarch.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plperl-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plperl-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plpython-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-plpython-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-pltcl-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-pltcl-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-server-12.5-3.9.3.x86_64.rpm | Linux
SUSE-SU-2020:3630-1 (SUSE Linux Enterprise Server 12-SP5) postgresql12-server-debuginfo-12.5-3.9.3.x86_64.rpm | Linux
Vulnerabilities CVE-2020-14350 Announcement are fixed in Postgresql 9.5.23 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 Announcement are fixed in Postgresql 9.6.19 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 10.14 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 11.9 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 Announcement, CVE-2020-14349 Announcement are fixed in Postgresql 12.4 (For Linux) | Linux
(RHSA-2020:5620) postgresql:12 security update pgaudit-1.4.0-4.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update pgaudit-debugsource-1.4.0-4.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgres-decoderbufs-0.10.0-2.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-contrib-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-debugsource-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-docs-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-plperl-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-plpython3-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-pltcl-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-server-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-server-devel-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-static-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-test-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-test-rpm-macros-12.5-1.module+el8.3.0+9042+664538f4.noarch.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-upgrade-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5620) postgresql:12 security update postgresql-upgrade-devel-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
Postgresql update (ELSA-2020-5619-1) postgresql-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-contrib update (ELSA-2020-5619-1) postgresql-contrib-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-docs update (ELSA-2020-5619-1) postgresql-docs-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plperl update (ELSA-2020-5619-1) postgresql-plperl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plpython3 update (ELSA-2020-5619-1) postgresql-plpython3-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-pltcl update (ELSA-2020-5619-1) postgresql-pltcl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server update (ELSA-2020-5619-1) postgresql-server-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server-devel update (ELSA-2020-5619-1) postgresql-server-devel-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-static update (ELSA-2020-5619-1) postgresql-static-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test update (ELSA-2020-5619-1) postgresql-test-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test-rpm-macros update (ELSA-2020-5619-1) postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm | Linux
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 12.4 (For Linux) | Linux
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 11.9 (For Linux) | Linux
Vulnerabilities CVE-2020-14350, CVE-2020-14349 are fixed in PostgreSQL 10.14 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 are fixed in PostgreSQL 9.6.19 (For Linux) | Linux
Vulnerabilities CVE-2020-14350 are fixed in PostgreSQL 9.5.23 (For Linux) | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14350
https://www.postgresql.org/support/security/CVE-2020-14350/
https://ubuntu.com/security/notices/USN-4472-1
https://access.redhat.com/errata/RHSA-2020:5620
https://access.redhat.com/errata/RHSA-2020:5619