The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7580 advisory.

  - postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

  - postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

  - postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

  - postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

  - postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

  - postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

  - postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

  - postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : postgresql:13 (RHSA-2023:7580)

high Nessus Plugin ID 186435

Version 1.5

Version 1.4

Version 1.3

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.0

Version 1.5 Feb 16, 2024, 12:17 PM IAVM reference Plugin Feed: 202402161217
Version 1.4 Jan 26, 2024, 11:18 PM Plugin metadata Reference Plugin Feed: 202401262318
Version 1.3 Dec 18, 2023, 2:01 PM CVSSv3 score source (changed from "CVE-2023-5869" to none) CVSSv2 score source (changed from "CVE-2023-39417" to "CVE-2023-5869") Plugin Feed: 202312181401
Version 1.3 Jan 26, 2024, 9:00 PM Plugin metadata Reference Plugin Feed: 202401262100
Version 1.2 Dec 14, 2023, 4:32 PM CVSSv3 score source (set to "CVE-2023-5869") CVSSv2 score source (changed from "CVE-2023-5869" to "CVE-2023-39417") Plugin Feed: 202312141632
Version 1.1 Dec 11, 2023, 4:04 PM CVSSv2 score source (changed from "CVE-2023-39417" to "CVE-2023-5869") Plugin Feed: 202312111604
Version 1.1 Dec 14, 2023, 2:28 PM CVSSv2 score source (changed from "CVE-2023-5869" to "CVE-2023-39417") CVSSv3 score source (set to "CVE-2023-5869") Plugin Feed: 202312141428
Version 1.0 Nov 29, 2023, 11:34 PM New Plugin Feed: 202311292334
Version 1.0 Dec 11, 2023, 2:00 PM CVSSv2 score source (changed from "CVE-2023-39417" to "CVE-2023-5869") Plugin Feed: 202312111400