user/postgresql: CVE-2022-1552: "security restricted operation" sandbox omitted.
CVE-2022-1552: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox.
https://www.postgresql.org/support/security/CVE-2022-1552/
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.
While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum, not manually running the above commands, and not restoring from output of the pg_dump command. Performance may degrade quickly under this workaround. VACUUM is safe, and all commands are fine when a trusted user owns the target object.
The PostgreSQL project thanks Alexander Lakhin for reporting this problem.
Affected Version | Fixed In | Fix Published |
---|---|---|
14 | 14.3 | 2022-05-12 |
13 | 13.7 | 2022-05-12 |
12 | 12.11 | 2022-05-12 |
11 | 11.16 | 2022-05-12 |
10 | 10.21 | 2022-05-12 |
For more information about PostgreSQL versioning, please visit the versioning page.
Overall Score | 8.8 |
---|---|
Component | core server |
Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |