Vulnerability details: VCID-vy41-nzv2-aaab
Vulnerability ID VCID-vy41-nzv2-aaab
Aliases CVE-2022-1552
Summary A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:4771
rhas Important https://access.redhat.com/errata/RHSA-2022:4805
rhas Important https://access.redhat.com/errata/RHSA-2022:4807
rhas Important https://access.redhat.com/errata/RHSA-2022:4854
rhas Important https://access.redhat.com/errata/RHSA-2022:4855
rhas Important https://access.redhat.com/errata/RHSA-2022:4856
rhas Important https://access.redhat.com/errata/RHSA-2022:4857
rhas Important https://access.redhat.com/errata/RHSA-2022:4893
rhas Important https://access.redhat.com/errata/RHSA-2022:4894
rhas Important https://access.redhat.com/errata/RHSA-2022:4895
rhas Important https://access.redhat.com/errata/RHSA-2022:4913
rhas Important https://access.redhat.com/errata/RHSA-2022:4915
rhas Important https://access.redhat.com/errata/RHSA-2022:4929
rhas Important https://access.redhat.com/errata/RHSA-2022:5162
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1552.json
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.00300 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.01122 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.01153 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.01481 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.02844 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.03143 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.03227 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.03849 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.04006 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.04075 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.04112 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.04541 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
epss 0.20796 https://api.first.org/data/v1/epss?cve=CVE-2022-1552
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1552
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1552
archlinux High https://security.archlinux.org/AVG-2719
cvssv3 8.8 https://www.postgresql.org/support/security/CVE-2022-1552/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1552.json
https://access.redhat.com/security/cve/CVE-2022-1552
https://api.first.org/data/v1/epss?cve=CVE-2022-1552
https://bugzilla.redhat.com/show_bug.cgi?id=2081126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1552
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202211-04
https://security.netapp.com/advisory/ntap-20221104-0005/
https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
https://www.postgresql.org/support/security/CVE-2022-1552/
AVG-2719 https://security.archlinux.org/AVG-2719
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
CVE-2022-1552 https://nvd.nist.gov/vuln/detail/CVE-2022-1552
RHSA-2022:4771 https://access.redhat.com/errata/RHSA-2022:4771
RHSA-2022:4805 https://access.redhat.com/errata/RHSA-2022:4805
RHSA-2022:4807 https://access.redhat.com/errata/RHSA-2022:4807
RHSA-2022:4854 https://access.redhat.com/errata/RHSA-2022:4854
RHSA-2022:4855 https://access.redhat.com/errata/RHSA-2022:4855
RHSA-2022:4856 https://access.redhat.com/errata/RHSA-2022:4856
RHSA-2022:4857 https://access.redhat.com/errata/RHSA-2022:4857
RHSA-2022:4893 https://access.redhat.com/errata/RHSA-2022:4893
RHSA-2022:4894 https://access.redhat.com/errata/RHSA-2022:4894
RHSA-2022:4895 https://access.redhat.com/errata/RHSA-2022:4895
RHSA-2022:4913 https://access.redhat.com/errata/RHSA-2022:4913
RHSA-2022:4915 https://access.redhat.com/errata/RHSA-2022:4915
RHSA-2022:4929 https://access.redhat.com/errata/RHSA-2022:4929
RHSA-2022:5162 https://access.redhat.com/errata/RHSA-2022:5162
USN-5440-1 https://usn.ubuntu.com/5440-1/
USN-5676-1 https://usn.ubuntu.com/5676-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1552.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1552
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.64956
EPSS Score 0.00261
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.