Vulnerability Description
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | >= 9.6, < 9.6.17 |
| Redhat | Decision Manager | 7.0 |
| Redhat | Software Collections | - |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720Issue TrackingPatchThird Party Advisory
- https://www.postgresql.org/about/news/2011/Release NotesVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720Issue TrackingPatchThird Party Advisory
- https://www.postgresql.org/about/news/2011/Release NotesVendor Advisory
FAQ
What is CVE-2020-1720?
CVE-2020-1720 is a vulnerability with a CVSS score of 3.1 (LOW). A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to p...
How severe is CVE-2020-1720?
CVE-2020-1720 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1720?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Decision Manager, Redhat Software Collections, Redhat Enterprise Linux.