postgresql postgresql CVE-2020-1720 in PostgreSQL and Red Hat Products
Published on March 17, 2020

product logo product logo
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-1720 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2020-1720 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2020-1720

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1720 are published in these products:

PostgreSQL
 
Red Hat Decision Manager
 
Red Hat Software Collections
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Virtualization
 

Affected Versions

Red Hat postgresql:

Exploit Probability

EPSS
0.35%
Percentile
57.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.