CVE-2023-39417
Postgresql: extension script @substitutions@ within quoting allow sql injection
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
| CWE | CWE-89 |
| Vendor | red hat |
| Product | red hat advanced cluster security 4.2 |
| Published | Aug 11, 2023 |
| Last Updated | Mar 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat advanced cluster security 4.2
Be the first to know when new high vulnerabilities affecting red hat red hat advanced cluster security 4.2 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected Red Hat / Red Hat Software Collections for Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Software Collections for Red Hat Enterprise Linux 7
All versions affected Red Hat / RHACS-3.74-RHEL-8
All versions affected Red Hat / RHACS-3.74-RHEL-8
All versions affected Red Hat / RHACS-3.74-RHEL-8
All versions affected Red Hat / RHACS-3.74-RHEL-8
All versions affected Red Hat / RHACS-3.74-RHEL-8
All versions affected Red Hat / RHACS-4.1-RHEL-8
All versions affected Red Hat / RHACS-4.1-RHEL-8
All versions affected Red Hat / RHACS-4.1-RHEL-8
All versions affected Red Hat / RHACS-4.1-RHEL-8
All versions affected Red Hat / RHACS-4.1-RHEL-8
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Software Collections
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7545 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7579 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7580 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7581 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7616 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7656 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7666 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7667 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7694 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7695 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7714 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7770 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7772 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7784 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7785 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7883 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7884 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7885 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0304 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0332 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0337 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-39417 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2228111 postgresql.org: https://www.postgresql.org/support/security/CVE-2023-39417 lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html security.netapp.com: https://security.netapp.com/advisory/ntap-20230915-0002/ debian.org: https://www.debian.org/security/2023/dsa-5553 debian.org: https://www.debian.org/security/2023/dsa-5554