CVE-2023-32305: Input Validation

First published: Fri May 12 2023(Updated: )

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• agent/severity
• agent/remedy
• agent/last-modified-date
• agent/weakness
• agent/references
• agent/author
• agent/description
• agent/softwarecombine
• agent/tags
• agent/event
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• collector/nvd-index
• vendor/aiven
• canonical/aiven aiven
• vendor/postgresql
• canonical/postgresql postgresql
• version/postgresql postgresql/10.0
• version/postgresql postgresql/10.22
• version/postgresql postgresql/11.0
• version/postgresql postgresql/11.7
• version/postgresql postgresql/12.0
• version/postgresql postgresql/12.12
• version/postgresql postgresql/13.0
• version/postgresql postgresql/13.8
• version/postgresql postgresql/14.0
• version/postgresql postgresql/14.5