CVE-2023-2454
Summary
| CVE | CVE-2023-2454 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-09 19:15:00 UTC |
| Updated | 2023-07-06 19:15:00 UTC |
| Description | schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Application | Postgresql | Postgresql | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
| Application | Redhat | Software Collections | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PostgreSQL: CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes | MISC | www.postgresql.org | |
| cve-details | MISC | access.redhat.com | |
| 403 Forbidden | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160753 Oracle Enterprise Linux Security Update for postgresql (ELSA-2023-3714)
- 160823 Oracle Enterprise Linux Security Update for 15 (ELSA-2023-4327)
- 160851 Oracle Enterprise Linux Security Update for postgresql:12 (ELSA-2023-4535)
- 160855 Oracle Enterprise Linux Security Update for postgresql:13 (ELSA-2023-4527)
- 160865 Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2023-4539)
- 160930 Oracle Enterprise Linux Security Update for postgresql:15 (ELSA-2023-5269)
- 181779 Debian Security Update for postgresql-13 (DSA 5401-1)
- 181785 Debian Security Update for postgresql-11 (DLA 3422-1)
- 182443 Debian Security Update for postgresql-15 (CVE-2023-2454)
- 199364 Ubuntu Security Notification for PostgreSQL Vulnerabilities (USN-6104-1)
- 199588 Ubuntu Security Notification for PostgreSQL Vulnerability (USN-6230-1)
- 241734 Red Hat Update for postgresql (RHSA-2023:3714)
- 241866 Red Hat Update for rh-postgresql12-postgresql (RHSA-2023:4313)
- 241869 Red Hat Update for postgresql:15 (RHSA-2023:4327)
- 241925 Red Hat Update for postgresql:10 (RHSA-2023:4539)
- 241935 Red Hat Update for postgresql:13 (RHSA-2023:4527)
- 241942 Red Hat Update for postgresql:12 (RHSA-2023:4535)
- 242069 Red Hat Update for postgresql:15 (RHSA-2023:5269)
- 242527 Red Hat Update for postgresql (RHSA-2023:7545)
- 242534 Red Hat Update for postgresql:13 (RHSA-2023:7580)
- 242546 Red Hat Update for postgresql:12 (RHSA-2023:7666)
- 242547 Red Hat Update for postgresql:12 (RHSA-2023:7667)
- 242550 Red Hat Update for postgresql:13 (RHSA-2023:7695)
- 242552 Red Hat Update for postgresql:12 (RHSA-2023:7694)
- 242592 Red Hat Update for rh-postgresql13-postgresql (RHSA-2023:7772)
- 355432 Amazon Linux Security Advisory for postgresql92 : ALAS-2023-1759
- 355625 Amazon Linux Security Advisory for postgresql15 : ALAS2023-2023-241
- 356172 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL13-2023-001
- 356278 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL12-2023-001
- 356294 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL11-2023-001
- 356297 Amazon Linux Security Advisory for postgresql : ALASPOSTGRESQL14-2023-001
- 356475 Amazon Linux Security Advisory for postgresql : ALAS2POSTGRESQL13-2023-001
- 357229 Amazon Linux Security Advisory for postgresql : ALAS2-2024-2462
- 378894 Alibaba Cloud Linux Security Update for postgresql:13 (ALINUX3-SA-2023:0109)
- 503001 Alpine Linux Security Update for postgresql
- 503002 Alpine Linux Security Update for postgresql
- 503003 Alpine Linux Security Update for postgresql13
- 503004 Alpine Linux Security Update for postgresql14
- 503005 Alpine Linux Security Update for postgresql12
- 503006 Alpine Linux Security Update for postgresql15
- 503007 Alpine Linux Security Update for postgresql12
- 505795 Alpine Linux Security Update for postgresql12
- 505796 Alpine Linux Security Update for postgresql13
- 673920 EulerOS Security Update for postgresql (EulerOS-SA-2023-3146)
- 691168 Free Berkeley Software Distribution (FreeBSD) Security Update for postgresql (fbb5a260-f00f-11ed-bbae-6cc21735f730)
- 754006 SUSE Enterprise Linux Security Update for postgresql15 (SUSE-SU-2023:2207-1)
- 754007 SUSE Enterprise Linux Security Update for postgresql15 (SUSE-SU-2023:2206-1)
- 754008 SUSE Enterprise Linux Security Update for postgresql14 (SUSE-SU-2023:2205-1)
- 754010 SUSE Enterprise Linux Security Update for postgresql14 (SUSE-SU-2023:2202-1)
- 754011 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2023:2201-1)
- 754012 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:2200-1)
- 754013 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:2199-1)
- 754014 SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2023:2198-1)
- 754016 SUSE Enterprise Linux Security Update for postgresql13 (SUSE-SU-2023:2219-1)
- 941148 AlmaLinux Security Update for postgresql (ALSA-2023:3714)
- 941204 AlmaLinux Security Update for postgresql:15 (ALSA-2023:4327)
- 941224 AlmaLinux Security Update for postgresql:12 (ALSA-2023:4535)
- 941225 AlmaLinux Security Update for postgresql:13 (ALSA-2023:4527)
- 941226 AlmaLinux Security Update for postgresql:10 (ALSA-2023:4539)
- 941260 AlmaLinux Security Update for postgresql:15 (ALSA-2023:5269)
- 960966 Rocky Linux Security Update for postgresql:15 (RLSA-2023:4327)
- 961028 Rocky Linux Security Update for postgresql:12 (RLSA-2023:4535)
- 961043 Rocky Linux Security Update for postgresql:13 (RLSA-2023:4527)