BIT-postgresql-2020-10733

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2020-10733.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-postgresql-2020-10733

Aliases

CVE-2020-10733

Published

2024-03-06T11:07:00.207Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

Database specific

{
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / postgresql

Package

Name: postgresql
Purl: pkg:bitnami/postgresql

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.5.0

Fixed

9.5.22

Introduced

9.6.0

Fixed

9.6.18

Introduced

10.0.0

Fixed

10.13.0

Introduced

11.0.0

Fixed

11.8.0

Introduced

12.0.0

Fixed

12.3.0