CVE-2023-2454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2454

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2454.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2454

Aliases

BIT-postgresql-2023-2454

Downstream

ALPINE-CVE-2023-2454

DEBIAN-CVE-2023-2454

DLA-3422-1

DSA-5401-1

OESA-2023-1567

OESA-2023-1568

OESA-2023-1569

RHSA-2023:3714

RHSA-2023:4313

RHSA-2023:4327

RHSA-2023:4527

RHSA-2023:4535

RHSA-2023:4539

RHSA-2023:5269

RHSA-2023:7545

RHSA-2023:7580

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7772

RLSA-2023:4327

SUSE-SU-2023:2198-1

SUSE-SU-2023:2199-1

SUSE-SU-2023:2200-1

SUSE-SU-2023:2201-1

SUSE-SU-2023:2202-1

SUSE-SU-2023:2205-1

SUSE-SU-2023:2206-1

SUSE-SU-2023:2207-1

SUSE-SU-2023:2219-1

UBUNTU-CVE-2023-2454

USN-6104-1

USN-6230-1

openSUSE-SU-2024:12929-1

openSUSE-SU-2024:12930-1

openSUSE-SU-2024:12931-1

openSUSE-SU-2024:12932-1

openSUSE-SU-2024:12933-1

openSUSE-SU-2024:14360-1

Related

Published

2023-06-09T19:15:09Z

Modified

2025-10-21T13:11:24.544165Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type: GIT
Repo: https://git.postgresql.org/git/postgresql.git
Events: Introduced

19f20081df059fef87e14c8e953669bd173dd7f1

Fixed

f96e531b1c079ae148b927a204845c7150a573f8

Affected versions

Other

REL_11_0

REL_11_1

REL_11_10

REL_11_11

REL_11_12

REL_11_13

REL_11_14

REL_11_15

REL_11_16

REL_11_17

REL_11_18

REL_11_19

REL_11_2

REL_11_3

REL_11_4

REL_11_5

REL_11_6

REL_11_7

REL_11_8

REL_11_9