CVE-2020-14350 : It was found that some PostgreSQL extensions did not use search

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

Published 2020-08-24 13:15:11

Updated 2023-01-24 02:38:40

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2020-14350

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions from including (>=) 9.5 and before (<) 9.5.23
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions from including (>=) 12.0 and before (<) 12.4
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions from including (>=) 10.0 and before (<) 10.14
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions from including (>=) 9.6 and before (<) 9.6.19
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions from including (>=) 11.0 and before (<) 11.9
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-14350

Top countries where our scanners detected CVE-2020-14350

Top open port discovered on systems with this issue 5432

IPs affected by CVE-2020-14350 192,097

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-14350!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-14350

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-14350

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H	1.3	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-14350

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-14350

https://security.netapp.com/advisory/ntap-20200918-0002/

August 2020 PostgreSQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

[security-announce] openSUSE-SU-2020:1227-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html

[security-announce] openSUSE-SU-2020:1244-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4472-1/

USN-4472-1: PostgreSQL vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1865746

1865746 – (CVE-2020-14350) CVE-2020-14350 postgresql: uncontrolled search path element in CREATE EXTENSION
Issue Tracking;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html

[security-announce] openSUSE-SU-2020:1243-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202008-13

PostgreSQL: Multiple vulnerabilities (GLSA 202008-13) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html

[security-announce] openSUSE-SU-2020:1312-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html

[security-announce] openSUSE-SU-2020:1228-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html

[security-announce] openSUSE-SU-2020:1326-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/08/msg00028.html

[SECURITY] [DLA 2331-1] posgresql-9.6 security update
Mailing List;Third Party Advisory