CVE-2020-10733

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10733
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10733.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10733
Aliases
Withdrawn
2025-05-27T04:02:26.298207Z
Published
2020-09-16T15:15:12Z
Modified
2025-01-14T08:15:05.850609Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type
GIT
Repo
https://git.postgresql.org/git/postgresql.git
Events
Introduced
cdd4ed5449bf317cc71b45a8deee0173822e7592
Fixed
7aa52945de3206191f8b2b121568d316ac4b234e

Affected versions

Other

REL9_5_0
REL9_5_1
REL9_5_10
REL9_5_11
REL9_5_12
REL9_5_13
REL9_5_14
REL9_5_15
REL9_5_16
REL9_5_17
REL9_5_18
REL9_5_19
REL9_5_2
REL9_5_20
REL9_5_21
REL9_5_3
REL9_5_4
REL9_5_5
REL9_5_6
REL9_5_7
REL9_5_8
REL9_5_9