Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
CVSS Information
N/A
Vulnerability Type
清理环节不完整
Vulnerability Title
PostgreSQL 权限许可和访问控制问题漏洞
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 存在权限许可和访问控制问题漏洞,该漏洞源于autovacuum 功能和多个命令可以逃脱“安全限制操作”沙箱。
CVSS Information
N/A
Vulnerability Type
N/A