Unrated severityNVD Advisory· Published Mar 17, 2020· Updated Aug 4, 2024

CVE-2020-1720

Description

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Affected products

osv-coords94 versions
pkg:bitnami/postgresql pkg:rpm/almalinux/postgres-decoderbufs pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/postgresql10&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql11&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/postgresql96&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/postgresql&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/postgresql10&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql10&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql10&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql10-libs&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql10-libs&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/postgresql12-libs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/postgresql12-libs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/postgresql96&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql96&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/postgresql96&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql96&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql96-libs&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/postgresql96-libs&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/python-psycopg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
>= 9.6.0, < 9.6.17+ 93 more
- (no CPE)range: >= 9.6.0, < 9.6.17
- (no CPE)range: < 0.10.0-2.module_el8.6.0+2760+1746ec94
- (no CPE)range: < 10.12-lp151.2.9.1
- (no CPE)range: < 10.18-1.3
- (no CPE)range: < 11.13-1.3
- (no CPE)range: < 12.3-lp151.2.1
- (no CPE)range: < 12.8-1.3
- (no CPE)range: < 9.6.19-lp151.3.3.1
- (no CPE)range: < 12.0.1-lp151.6.9.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-8.13.9
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-8.13.9
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-4.19.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 10.12-1.18.1
- (no CPE)range: < 12.2-3.5.2
- (no CPE)range: < 12.2-3.5.2
- (no CPE)range: < 12.2-3.5.2
- (no CPE)range: < 12.2-3.5.2
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 9.6.17-3.33.1
- (no CPE)range: < 12.0.1-8.14.1
- (no CPE)range: < 12.0.1-8.14.1
- (no CPE)range: < 12-8.11.3
- (no CPE)range: < 12.0.1-8.14.1
- (no CPE)range: < 12-8.11.3
- (no CPE)range: < 12.0.1-8.14.1
- (no CPE)range: < 12.0.1-8.14.1
- (no CPE)range: < 2.8.4-5.4.6
Red Hat/postgresqlv5
Range: 12.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.htmlmitrevendor-advisoryx_refsource_SUSE
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
www.postgresql.org/about/news/2011/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000