PostgreSQL vulnerability in SANnav 2.2.0.2
22465
29 August 2023
29 August 2023
CLOSED
MEDIUM
8.0 HIGH - Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625
Brocade Security Advisory ID | BSA-2023-2071
Component | PostgreSQL
Summary
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
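The first prerequisite in the Summary, permission to create non-temporary objects in at least one schema, can be audited from the system catalogs. The query below is an added example, not part of the Brocade advisory; it assumes SQL access as a privileged role to a PostgreSQL instance you administer and uses only standard catalog views and functions.

```sql
-- Added example (not from the advisory): list every non-superuser role that
-- holds CREATE on a non-system schema, together with the extensions whose
-- objects live in that schema. Run once per database; schema privileges and
-- pg_extension are per-database.
SELECT n.nspname AS schema_name,
       r.rolname AS role_with_create,
       -- Extensions installed into this schema. A future CREATE EXTENSION
       -- could target any listed schema, so rows showing '(none)' still matter.
       COALESCE(string_agg(DISTINCT e.extname::text, ', '), '(none)')
           AS extensions_in_schema
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
LEFT JOIN pg_extension AS e
       ON e.extnamespace = n.oid
WHERE NOT r.rolsuper                       -- superusers can always create
  AND r.rolname !~ '^pg_'                  -- skip built-in predefined roles
  AND n.nspname !~ '^pg_'                  -- skip pg_catalog, pg_toast, pg_temp_*
  AND n.nspname <> 'information_schema'
  -- has_schema_privilege() resolves grants to PUBLIC and inherited role
  -- membership, so it reports the effective privilege, not just direct grants.
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
GROUP BY n.nspname, r.rolname
ORDER BY n.nspname, r.rolname;

-- Where a row is not needed, the privilege can be withdrawn, for example:
--   REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

PostgreSQL releases before 15 grant CREATE on the public schema to PUBLIC by default, so on those releases expect every login role to appear for that schema unless the grant was revoked.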
Products Affected
Brocade SANnav versions after v2.2.0 and prior to v2.2.2a are affected.
Products Confirmed Not Affected
Brocade Fabric OS and Brocade ASCG are not affected.
Solution
A security update is provided in SANnav versions v2.2.2a, v2.3.0, and later versions.
Revision History
Version | Change | Date
1.0 | Initial Publication | August 29, 2023
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.