CVE-2023-2454

Summary

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
n/apostgresqlPostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References