QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-39417

Back to search

CVE-2023-39417

Published: Aug 11, 2023

Modified: Mar 12, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

VendorProductVersions

Red Hat

Red Hat Advanced Cluster Security 4.2

unaffected
4.2.4-6 - < *

Red Hat

Red Hat Advanced Cluster Security 4.2

unaffected
4.2.4-6 - < *

Red Hat

Red Hat Advanced Cluster Security 4.2

unaffected
4.2.4-7 - < *

Red Hat

Red Hat Advanced Cluster Security 4.2

unaffected
4.2.4-6 - < *

Red Hat

Red Hat Advanced Cluster Security 4.2

unaffected
4.2.4-7 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
8090020231114113712.a75119d5 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
8090020231128173330.a75119d5 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
8090020231114113548.a75119d5 - < *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

unaffected
8020020231128165246.4cda2c84 - < *

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

unaffected
8020020231128165246.4cda2c84 - < *

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

unaffected
8020020231128165246.4cda2c84 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

unaffected
8040020231127153301.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

unaffected
8040020231127154806.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

unaffected
8040020231127153301.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

unaffected
8040020231127154806.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

unaffected
8040020231127153301.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

unaffected
8040020231127154806.522a0ee4 - < *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

unaffected
8060020231114115246.ad008a3a - < *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

unaffected
8060020231128165328.ad008a3a - < *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

unaffected
8080020231114105206.63b34585 - < *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

unaffected
8080020231128165335.63b34585 - < *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

unaffected
8080020231113134015.63b34585 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:13.13-1.el9_3 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
9030020231120082734.rhel9 - < *

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

unaffected
0:13.13-1.el9_0 - < *

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

unaffected
0:13.13-1.el9_2 - < *

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

unaffected
9020020231115020618.rhel9 - < *

Red Hat

Red Hat Software Collections for Red Hat Enterprise Linux 7

unaffected
0:12.17-1.el7 - < *

Red Hat

Red Hat Software Collections for Red Hat Enterprise Linux 7

unaffected
0:13.13-1.el7 - < *

Red Hat

RHACS-3.74-RHEL-8

unaffected
3.74.8-9 - < *

Red Hat

RHACS-3.74-RHEL-8

unaffected
3.74.8-9 - < *

Red Hat

RHACS-3.74-RHEL-8

unaffected
3.74.8-7 - < *

Red Hat

RHACS-3.74-RHEL-8

unaffected
3.74.8-9 - < *

Red Hat

RHACS-3.74-RHEL-8

unaffected
3.74.8-9 - < *

Red Hat

RHACS-4.1-RHEL-8

unaffected
4.1.6-6 - < *

Red Hat

RHACS-4.1-RHEL-8

unaffected
4.1.6-6 - < *

Red Hat

RHACS-4.1-RHEL-8

unaffected
4.1.6-6 - < *

Red Hat

RHACS-4.1-RHEL-8

unaffected
4.1.6-6 - < *

Red Hat

RHACS-4.1-RHEL-8

unaffected
4.1.6-6 - < *

Red Hat

Red Hat Enterprise Linux 6

All versions

Red Hat

Red Hat Enterprise Linux 7

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Software Collections

All versions

Weaknesses (CWE)

CWE-89

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

RHSA-2023:7545
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7579
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7580
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7581
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7616
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7656
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7666
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7667
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7694
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7695
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7714
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7770
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7772
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7784
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7785
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7883
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7884
vendor-advisory
x_refsource_REDHAT
RHSA-2023:7885
vendor-advisory
x_refsource_REDHAT
RHSA-2024:0304
vendor-advisory
x_refsource_REDHAT
RHSA-2024:0332
vendor-advisory
x_refsource_REDHAT
RHSA-2024:0337
vendor-advisory
x_refsource_REDHAT
RHBZ#2228111
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now