Search for vulnerabilities
Vulnerability details: VCID-bqpm-hqn6-aaak
Vulnerability ID VCID-bqpm-hqn6-aaak
Aliases CVE-2020-14349
Summary It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-427 Uncontrolled Search Path Element
CWE-20 Improper Input Validation
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14349.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:3669
rhas Moderate https://access.redhat.com/errata/RHSA-2020:5110
rhas Moderate https://access.redhat.com/errata/RHSA-2020:5112
rhas Important https://access.redhat.com/errata/RHSA-2020:5620
rhas Important https://access.redhat.com/errata/RHSA-2020:5664
rhas Important https://access.redhat.com/errata/RHSA-2021:0163
rhas Important https://access.redhat.com/errata/RHSA-2021:0166
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0988
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14349.json
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00221 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00453 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00622 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.00677 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
epss 0.01884 https://api.first.org/data/v1/epss?cve=CVE-2020-14349
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1865744
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
cvssv3 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
cvssv3.1 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
generic_textual Medium https://ubuntu.com/security/notices/USN-4472-1
generic_textual Medium https://www.postgresql.org/about/news/2060/
cvssv3 7.5 https://www.postgresql.org/support/security/CVE-2020-14349/
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14349.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14349.json
https://api.first.org/data/v1/epss?cve=CVE-2020-14349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202008-13
https://security.netapp.com/advisory/ntap-20200918-0002/
https://ubuntu.com/security/notices/USN-4472-1
https://usn.ubuntu.com/4472-1/
https://www.postgresql.org/about/news/2060/
https://www.postgresql.org/about/news/postgresql-124-119-1014-9619-9523-and-13-beta-3-released-2060/
https://www.postgresql.org/support/security/CVE-2020-14349/
1865744 https://bugzilla.redhat.com/show_bug.cgi?id=1865744
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVE-2020-14349 https://nvd.nist.gov/vuln/detail/CVE-2020-14349
RHSA-2020:3669 https://access.redhat.com/errata/RHSA-2020:3669
RHSA-2020:5110 https://access.redhat.com/errata/RHSA-2020:5110
RHSA-2020:5112 https://access.redhat.com/errata/RHSA-2020:5112
RHSA-2020:5620 https://access.redhat.com/errata/RHSA-2020:5620
RHSA-2020:5664 https://access.redhat.com/errata/RHSA-2020:5664
RHSA-2021:0163 https://access.redhat.com/errata/RHSA-2021:0163
RHSA-2021:0166 https://access.redhat.com/errata/RHSA-2021:0166
RHSA-2021:0988 https://access.redhat.com/errata/RHSA-2021:0988
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14349.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14349
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14349
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14349
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.60641
EPSS Score 0.00221
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.