icon

We found results for “

CVE-2020-25696

Good to know:

icon
icon

Date: November 23, 2020

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Privilege Context Switching Error

CWE-270

Permissive List of Allowed Inputs

CWE-183

Incorrect Comparison

CWE-697

Top Fix

icon

Upgrade Version

Upgrade to version REL_13_0,REL_12_5,REL_11_10,REL_10_15,REL9_6_20,REL9_5_24

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us