CVE-2020-25694

Severity: high (calculated from the CVSS v3 score)

Description

A flaw was found in PostgreSQL versions before 13.1, 12.5, 11.10, 10.15, 9.6.20 and 9.5.24. Several PostgreSQL client applications can open additional database connections derived from an existing one. Where such an application rebuilds the new connection from only the basic connection parameters (host, port, user, database name) and drops the security-relevant ones (for example sslmode, or the certificate settings that make the client verify the server's identity), the additional connection can fall back to an unverified or clear-text transport, which exposes it to a man-in-the-middle attack or to passive observation of the traffic. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
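The downgrade pattern described above is easy to reproduce outside PostgreSQL, so here is an added example (not PostgreSQL's own code, nor the fix shipped in 13.1 and the other patched releases). It models a client that opens a follow-up connection from the basic parameters only, next to the corrected pattern that carries every parameter forward, plus a guard a practitioner can put in front of a reconnect or pooling helper. The connection strings, the list of "basic" parameters and the sample values are constructed for illustration; the key=value syntax follows libpq's conninfo format but is parsed in a simplified way (quoted values are honoured, whitespace around '=' is not).

```python
# Added example (not PostgreSQL's code): the CVE-2020-25694 reconnect
# downgrade, the fixed pattern, and a check that refuses the downgrade.
# All connection strings and parameter lists here are constructed samples.
import shlex

# libpq parameters that decide whether the link is encrypted, whether the
# server is authenticated, and where credentials come from. Losing any of
# these on a follow-up connection is the downgrade the CVE describes.
SECURITY_PARAMS = frozenset({
    "sslmode", "sslrootcert", "sslcert", "sslkey", "sslcrl", "sslcrldir",
    "requirepeer", "gssencmode", "channel_binding", "password", "passfile",
})

# What a naive "reuse the basics" reconnect typically keeps (assumed set).
BASIC_PARAMS = ("host", "hostaddr", "port", "user", "dbname")

# libpq's default when sslmode is absent: 'prefer' tolerates clear-text if
# the server offers no TLS and never verifies the server certificate.
DEFAULT_SSLMODE = "prefer"


def parse_conninfo(conninfo: str) -> dict:
    """Parse a libpq-style "key=value key2='quoted value'" string (simplified)."""
    params = {}
    for token in shlex.split(conninfo):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"malformed conninfo token: {token!r}")
        params[key] = value
    return params


def reconnect_vulnerable(current: dict, **overrides) -> dict:
    """Flawed pattern: rebuild the new connection from basic parameters only."""
    new = {k: current[k] for k in BASIC_PARAMS if k in current}
    new.update(overrides)
    return new


def reconnect_fixed(current: dict, **overrides) -> dict:
    """Fixed pattern: start from the full parameter set, change only what differs."""
    new = dict(current)
    new.update(overrides)
    return new


def dropped_security_params(before: dict, after: dict) -> list:
    """Security-relevant parameters the follow-up connection lost or changed."""
    return sorted(k for k in SECURITY_PARAMS
                  if k in before and after.get(k) != before[k])


def mitm_protected(params: dict) -> bool:
    """True only if libpq would verify the server's identity. 'verify-ca'
    checks the chain but not the host name, so only 'verify-full' counts."""
    return params.get("sslmode", DEFAULT_SSLMODE) == "verify-full"


def check_reconnect(before: dict, after: dict) -> None:
    """Refuse any follow-up connection that is weaker than the one it derives from."""
    lost = dropped_security_params(before, after)
    if lost:
        raise ValueError(f"reconnect would drop security parameters: {lost}")
    if mitm_protected(before) and not mitm_protected(after):
        raise ValueError("reconnect would lose server identity verification")


if __name__ == "__main__":
    # Constructed sample: a hardened primary connection.
    primary = parse_conninfo(
        "host=db.example.internal port=5432 user=app dbname=prod "
        "sslmode=verify-full sslrootcert='/etc/ssl/certs/corp root.pem' "
        "passfile=/var/lib/app/.pgpass"
    )
    bad = reconnect_vulnerable(primary, dbname="audit")
    print("vulnerable reconnect dropped:", dropped_security_params(primary, bad))
    print("vulnerable reconnect sslmode:", bad.get("sslmode", DEFAULT_SSLMODE))
    good = reconnect_fixed(primary, dbname="audit")
    print("fixed reconnect dropped:", dropped_security_params(primary, good))
    check_reconnect(primary, good)  # passes; check_reconnect(primary, bad) raises
```

A server-side backstop exists as well: a pg_hba.conf line such as `hostnossl all all 0.0.0.0/0 reject` makes the server refuse clear-text sessions, which blocks the passive-observation case. It does not restore server identity verification on the client, so the actual fix remains upgrading the client tools to a patched release and carrying sslmode=verify-full (and the matching sslrootcert) into every derived connection.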

References

https://bugzilla.redhat.com/show_bug.cgi?id=1894423

https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html

https://security.gentoo.org/glsa/202012-07

https://security.netapp.com/advisory/ntap-20201202-0003/

https://www.postgresql.org/support/security/

Details

Source: MITRE

Published: 2020-11-16

Updated: 2020-12-07

Type: CWE-327

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

51 plugins

ID | Name | Product | Family | Severity
151513 | Amazon Linux AMI : postgresql92 (ALAS-2021-1519) | Nessus | Amazon Linux Local Security Checks | high
150972 | Amazon Linux 2 : postgresql (ALAS-2021-1665) | Nessus | Amazon Linux Local Security Checks | high
150771 | CentOS 7 : postgresql (CESA-2021:1512) | Nessus | CentOS Local Security Checks | high
150722 | Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9290) | Nessus | Oracle Linux Local Security Checks | high
149321 | RHEL 7 : postgresql (RHSA-2021:1512) | Nessus | Red Hat Local Security Checks | high
149316 | Oracle Linux 7 : postgresql (ELSA-2021-1512) | Nessus | Oracle Linux Local Security Checks | high
147357 | NewStart CGSL MAIN 6.02 : libpq Multiple Vulnerabilities (NS-SA-2021-0085) | Nessus | NewStart CGSL Local Security Checks | high
146831 | openSUSE Security Update : postgresql / postgresql13 (openSUSE-2021-337) | Nessus | SuSE Local Security Checks | high
146009 | CentOS 8 : postgresql:9.6 (CESA-2020:5619) | Nessus | CentOS Local Security Checks | high
146002 | CentOS 8 : postgresql:12 (CESA-2020:5620) | Nessus | CentOS Local Security Checks | high
145829 | CentOS 8 : postgresql:10 (CESA-2020:5567) | Nessus | CentOS Local Security Checks | high
145490 | SUSE SLES12 Security Update : postgresql, postgresql12, postgresql13 (SUSE-SU-2021:0217-1) | Nessus | SuSE Local Security Checks | high
145243 | RHEL 8 : postgresql:10 (RHSA-2021:0166) | Nessus | Red Hat Local Security Checks | high
145239 | SUSE SLED15 / SLES15 Security Update : postgresql, postgresql13 (SUSE-SU-2021:0175-1) | Nessus | SuSE Local Security Checks | high
145227 | RHEL 8 : postgresql:9.6 (RHSA-2021:0167) | Nessus | Red Hat Local Security Checks | high
145226 | RHEL 8 : libpq (RHSA-2021:0165) | Nessus | Red Hat Local Security Checks | high
145044 | RHEL 8 : postgresql:12 (RHSA-2021:0163) | Nessus | Red Hat Local Security Checks | high
145043 | RHEL 8 : postgresql:9.6 (RHSA-2021:0164) | Nessus | Red Hat Local Security Checks | high
145042 | RHEL 8 : postgresql:10 (RHSA-2021:0161) | Nessus | Red Hat Local Security Checks | high
144988 | Amazon Linux AMI : postgresql95, postgresql96 (ALAS-2021-1476) | Nessus | Amazon Linux Local Security Checks | high
144850 | RHEL 8 : libpq (RHSA-2021:0057) | Nessus | Red Hat Local Security Checks | high
144605 | RHEL 8 : libpq (RHSA-2020:5638) | Nessus | Red Hat Local Security Checks | high
144565 | Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191) | Nessus | Oracle Linux Local Security Checks | high
144564 | Oracle Linux 8 : ELSA-2020-5620-1: / postgresql:12 (ELSA-2020-56201) | Nessus | Oracle Linux Local Security Checks | high
144561 | Oracle Linux 8 : ELSA-2020-5567-1: / postgresql:10 (ELSA-2020-55671) | Nessus | Oracle Linux Local Security Checks | high
144560 | RHEL 8 : postgresql:9.6 (RHSA-2020:5661) | Nessus | Red Hat Local Security Checks | high
144559 | RHEL 8 : postgresql:10 (RHSA-2020:5664) | Nessus | Red Hat Local Security Checks | high
144417 | RHEL 8 : postgresql:12 (RHSA-2020:5620) | Nessus | Red Hat Local Security Checks | high
144401 | RHEL 8 : postgresql:10 (RHSA-2020:5567) | Nessus | Red Hat Local Security Checks | high
144395 | RHEL 8 : postgresql:9.6 (RHSA-2020:5619) | Nessus | Red Hat Local Security Checks | high
144213 | Oracle Linux 8 : libpq (ELSA-2020-5401) | Nessus | Oracle Linux Local Security Checks | high
144204 | RHEL 8 : libpq (RHSA-2020:5401) | Nessus | Red Hat Local Security Checks | high
144160 | EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2526) | Nessus | Huawei Local Security Checks | high
144060 | PostgreSQL 9.5.x < 9.5.24 / 9.6.x < 9.6.20 / 10.x < 10.15 / 11.x < 11.10 / 12.x < 12.5 / 13.x < 13.1 Multiple Vulnerabilities | Nessus | Databases | high
143871 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2020:3476-1) | Nessus | SuSE Local Security Checks | high
143859 | SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2020:3463-1) | Nessus | SuSE Local Security Checks | high
143846 | SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2020:3455-1) | Nessus | SuSE Local Security Checks | high
143737 | SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2020:3425-1) | Nessus | SuSE Local Security Checks | high
143661 | SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2020:3464-1) | Nessus | SuSE Local Security Checks | high
143653 | SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1) | Nessus | SuSE Local Security Checks | high
143617 | SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2020:3477-1) | Nessus | SuSE Local Security Checks | high
143503 | GLSA-202012-07 : PostgreSQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
143461 | Debian DLA-2478-1 : postgresql-9.6 security update | Nessus | Debian Local Security Checks | high
143363 | Photon OS 1.0: Postgresql PHSA-2020-1.0-0340 | Nessus | PhotonOS Local Security Checks | high
143362 | Photon OS 2.0: Postgresql PHSA-2020-2.0-0298 | Nessus | PhotonOS Local Security Checks | high
143343 | openSUSE Security Update : postgresql12 (openSUSE-2020-2018) | Nessus | SuSE Local Security Checks | high
143338 | openSUSE Security Update : postgresql10 (openSUSE-2020-2019) | Nessus | SuSE Local Security Checks | high
143320 | openSUSE Security Update : postgresql10 (openSUSE-2020-2028) | Nessus | SuSE Local Security Checks | high
143290 | openSUSE Security Update : postgresql12 (openSUSE-2020-2029) | Nessus | SuSE Local Security Checks | high
143252 | Photon OS 3.0: Postgresql PHSA-2020-3.0-0164 | Nessus | PhotonOS Local Security Checks | high
142968 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : PostgreSQL vulnerabilities (USN-4633-1) | Nessus | Ubuntu Local Security Checks | high