PostgreSQL Extension Script SQLi via @extowner@ @extschema@
CVE-2023-39417 Published on August 11, 2023
PostgreSQL: extension script @substitutions@ within quoting allow SQL injection
A SQL injection vulnerability was found in PostgreSQL: an extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
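A defender-side check for the pattern described above, as an added example that is not from the advisory or the PostgreSQL project: it scans the text of an extension script and reports each @extowner@, @extschema@ or @extschema:name@ that sits inside single, double or dollar quoting. The function name and the sample script are constructed for illustration; E'' backslash escapes and nested block comments are not handled.

```python
import re
# Substitution tokens named in the advisory text above.
SUBST = re.compile(r"@extowner@|@extschema(?::[^@\s]*)?@")
DOLLAR_TAG = re.compile(r"\$(?:[A-Za-z_]\w*)?\$")

def quoted_substitutions(script):
    """Return (line, token, quote_kind) for each substitution inside a quoting construct."""
    findings, i, n = [], 0, len(script)
    while i < n:
        if script.startswith("--", i):              # line comment: skip to end of line
            end = script.find("\n", i)
            i = n if end == -1 else end
            continue
        if script.startswith("/*", i):              # block comment (nesting not handled)
            end = script.find("*/", i + 2)
            i = n if end == -1 else end + 2
            continue
        ch = script[i]
        tag = DOLLAR_TAG.match(script, i) if ch == "$" else None
        if ch in "'\"":
            kind = "single-quoted" if ch == "'" else "double-quoted"
            start = j = i + 1
            while j < n and not (script[j] == ch and script[j + 1:j + 2] != ch):
                j += 2 if script[j] == ch else 1    # a doubled quote is an escape
            stop, nxt = j, j + 1
        elif tag:
            kind, start = "dollar-quoted", tag.end()
            stop = script.find(tag.group(0), start)
            stop = n if stop == -1 else stop        # unterminated: scan to end of file
            nxt = stop + len(tag.group(0))
        else:
            i += 1
            continue
        for m in SUBST.finditer(script, start, stop):
            findings.append((script.count("\n", 0, m.start()) + 1, m.group(0), kind))
        i = nxt
    return findings

# Constructed sample script (not taken from any real extension).
SAMPLE = """\
CREATE FUNCTION @extschema@.g() RETURNS void LANGUAGE plpgsql AS $body$
BEGIN
  EXECUTE 'SET search_path = @extschema@';
END $body$;
COMMENT ON SCHEMA "@extschema@" IS 'owned by @extowner@';
"""
if __name__ == "__main__":
    for line, token, kind in quoted_substitutions(SAMPLE):
        print(f"line {line}: {token} inside {kind} text")
```

The unquoted @extschema@ on the first sample line is not reported; only the occurrences inside quoting are.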
Vulnerability Analysis
CVE-2023-39417 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Reported to Red Hat.
Made public. 9 days later.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2023-39417 has been classified as a SQL Injection vulnerability or weakness.
Affected Versions
Red Hat Advanced Cluster Security 4.2:
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 8090020231114113712.a75119d5 and below * is unaffected.
- Version 8090020231128173330.a75119d5 and below * is unaffected.
- Version 8090020231114113548.a75119d5 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8060020231114115246.ad008a3a and below * is unaffected.
- Version 8060020231128165328.ad008a3a and below * is unaffected.
- Version 8080020231114105206.63b34585 and below * is unaffected.
- Version 8080020231128165335.63b34585 and below * is unaffected.
- Version 8080020231113134015.63b34585 and below * is unaffected.
- Version 0:13.13-1.el9_3 and below * is unaffected.
- Version 9030020231120082734.rhel9 and below * is unaffected.
- Version 0:13.13-1.el9_0 and below * is unaffected.
- Version 0:13.13-1.el9_2 and below * is unaffected.
- Version 9020020231115020618.rhel9 and below * is unaffected.
- Version 0:12.17-1.el7 and below * is unaffected.
- Version 0:13.13-1.el7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.