The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
References
Link | Resource |
---|---|
https://github.com/pgaudit/set_user/compare/REL2_0_0...REL2_0_1 | Patch Third Party Advisory |
https://github.com/pgaudit/set_user/releases/tag/REL2_0_1 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-10T18:00:43
Updated: 2021-08-10T18:00:43
Reserved: 2021-08-05T00:00:00
Link: CVE-2021-38140
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-10T18:15:07.263
Modified: 2021-08-17T18:58:56.190
Link: CVE-2021-38140
JSON object: View
Redhat Information
No data.
CWE