CVE-2020-1720
Description
A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, and others, leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.351
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 9.6.17 | Windows |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 10.12 | Windows |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 11.7 | Windows |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 12.2 | Windows |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 12.2 | Windows |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 11.7 | Windows |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 10.12 | Windows |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 9.6.17 | Windows |
| postgresql-11 security update(DSA-4623-1) postgresql-11_11.7-0+deb10u1_i386.deb | Linux |
| postgresql-11 security update(DSA-4623-1) postgresql-11_11.7-0+deb10u1_amd64.deb | Linux |
| Object-relational SQL database (USN-4282-1) postgresql-10_10.12-0ubuntu0.18.04.1_i386.deb | Linux |
| Object-relational SQL database (USN-4282-1) postgresql-10_10.12-0ubuntu0.18.04.1_amd64.deb | Linux |
| Object-relational SQL database (USN-4282-1) postgresql-11_11.7-0ubuntu0.19.10.1_i386.deb | Linux |
| Object-relational SQL database (USN-4282-1) postgresql-11_11.7-0ubuntu0.19.10.1_amd64.deb | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libecpg6-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libecpg6-debuginfo-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-32bit-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-debuginfo-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpq5-debuginfo-32bit-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-debuginfo-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-debugsource-10.12-1.18.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Desktop 12-SP4 ) postgresql10-libs-debugsource-10.12-1.18.1.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 9.6.17 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 10.12 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 11.7 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 Announcement are fixed in Postgresql 12.2 (For Linux) | Linux |
| (RHSA-2020:5620) postgresql:12 security update pgaudit-1.4.0-4.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update pgaudit-debugsource-1.4.0-4.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgres-decoderbufs-0.10.0-2.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-contrib-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-debugsource-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-docs-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-plperl-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-plpython3-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-pltcl-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-server-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-server-devel-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-static-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-test-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-test-rpm-macros-12.5-1.module+el8.3.0+9042+664538f4.noarch.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-upgrade-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5620) postgresql:12 security update postgresql-upgrade-devel-12.5-1.module+el8.3.0+9042+664538f4.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| (RHSA-2020:5619) postgresql:9.6 security update postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm | Linux |
| Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 12.2 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 11.7 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 10.12 (For Linux) | Linux |
| Vulnerabilities CVE-2020-1720 are fixed in PostgreSQL 9.6.17 (For Linux) | Linux |
| SUSE-SU-2020:0715-1(SUSE Linux Enterprise Server 12-SP5 ) postgresql10-libs-debugsource-10.12-1.18.1.x86_64_12_SP5.rpm | Linux |
| Missing Authorization Vulnerability (CVE-2020-1720) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234