Search for vulnerabilities
Vulnerability details: VCID-23g8-dcz6-aaan
Vulnerability ID VCID-23g8-dcz6-aaan
Aliases CVE-2023-39417
Summary IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0304
ssvc Track https://access.redhat.com/errata/RHSA-2024:0304
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0332
ssvc Track https://access.redhat.com/errata/RHSA-2024:0332
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:0337
ssvc Track https://access.redhat.com/errata/RHSA-2024:0337
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39417.json
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00371 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00371 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00371 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00371 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00509 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.08315 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
epss 0.16354 https://api.first.org/data/v1/epss?cve=CVE-2023-39417
cvssv3.1 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39417
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-39417
cvssv3 7.5 https://www.postgresql.org/support/security/CVE-2023-39417/
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39417.json
https://access.redhat.com/security/cve/CVE-2023-39417
https://api.first.org/data/v1/epss?cve=CVE-2023-39417
https://bugzilla.redhat.com/show_bug.cgi?id=2228111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5870
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.debian.org/security/2023/dsa-5553
https://www.debian.org/security/2023/dsa-5554
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
https://www.postgresql.org/support/security/CVE-2023-39417
https://www.postgresql.org/support/security/CVE-2023-39417/
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:advanced_cluster_security:3.74::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:3.74::el8
cpe:/a:redhat:advanced_cluster_security:4.1::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.1::el8
cpe:/a:redhat:advanced_cluster_security:4.2::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.2::el8
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:rhel_aus:8.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.2::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_eus:8.6::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.0::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream
cpe:/a:redhat:rhel_eus:9.0::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::crb
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_eus:9.2::crb https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb
cpe:/a:redhat:rhel_software_collections:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_software_collections:3
cpe:/a:redhat:rhel_software_collections:3::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_software_collections:3::el7
cpe:/a:redhat:rhel_tus:8.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.2::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.4::appstream
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
CVE-2023-39417 https://nvd.nist.gov/vuln/detail/CVE-2023-39417
RHSA-2024:0304 https://access.redhat.com/errata/RHSA-2024:0304
RHSA-2024:0332 https://access.redhat.com/errata/RHSA-2024:0332
RHSA-2024:0337 https://access.redhat.com/errata/RHSA-2024:0337
USN-6296-1 https://usn.ubuntu.com/6296-1/
USN-6366-1 https://usn.ubuntu.com/6366-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0304
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T15:28:16Z/ Found at https://access.redhat.com/errata/RHSA-2024:0304
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0332
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T15:28:16Z/ Found at https://access.redhat.com/errata/RHSA-2024:0332
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0337
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T15:28:16Z/ Found at https://access.redhat.com/errata/RHSA-2024:0337
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39417.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39417
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39417
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72576
EPSS Score 0.00356
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.