Vulnerability Details : CVE-2020-25696
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Vulnerability category: Execute code
Products affected by CVE-2020-25696
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-25696
Top countries where our scanners detected CVE-2020-25696
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2020-25696 216,081
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-25696!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-25696
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25696
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2020-25696
-
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.Assigned by: secalert@redhat.com (Primary)
-
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.Assigned by: secalert@redhat.com (Primary)
-
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.Assigned by: nvd@nist.gov (Secondary)
References for CVE-2020-25696
-
https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html
[SECURITY] [DLA 2478-1] postgresql-9.6 security updateMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1894430
1894430 – (CVE-2020-25696) CVE-2020-25696 postgresql: psql's \gset allows overwriting specially treated variablesIssue Tracking;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/202012-07
Third Party Advisory
-
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
PostgreSQL: PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released!Release Notes;Vendor Advisory
Jump to