Vulnerability-Lookup

CVE-2020-13692 (GCVE-0-2020-13692)

Vulnerability from cvelistv5 – Published: 2020-06-04 15:07 – Updated: 2024-08-04 12:25

Summary

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

14 references

URL	Tags
https://github.com/pgjdbc/pgjdbc/commit/14b62aca4…	x_refsource_CONFIRM
https://jdbc.postgresql.org/documentation/changel…	x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-2020061…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r00bcc6b2da9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7f6d019839d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1aae77706aa…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0478a1aa9ae…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r01ae1b3d981…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r631f967db62…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfe363bf3a46…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4bdea189c99…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb89f92aba44…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2022/dsa-5196	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:25:16.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
          },
          {
            "name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-5a31ccfe66",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
          },
          {
            "name": "DSA-5196",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-31T19:06:12.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
        },
        {
          "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
        },
        {
          "name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
        },
        {
          "name": "FEDORA-2020-5a31ccfe66",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
        },
        {
          "name": "DSA-5196",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5196"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
              "refsource": "CONFIRM",
              "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
            },
            {
              "name": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
              "refsource": "CONFIRM",
              "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
            },
            {
              "name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-5a31ccfe66",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
            },
            {
              "name": "DSA-5196",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5196"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13692",
    "datePublished": "2020-06-04T15:07:37.000Z",
    "dateReserved": "2020-05-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:25:16.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-13692",
      "date": "2026-05-20",
      "epss": "0.07801",
      "percentile": "0.92061"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"42.2.13\", \"matchCriteriaId\": \"C8345E93-0BD6-49FB-A82C-219E72541536\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.2\", \"matchCriteriaId\": \"2A9BF484-A446-4315-B748-F4723622C464\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.\"}, {\"lang\": \"es\", \"value\": \"PostgreSQL JDBC Driver (tambi\\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE\"}]",
      "id": "CVE-2020-13692",
      "lastModified": "2024-11-21T05:01:44.940",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-04T16:15:12.657",
      "references": "[{\"url\": \"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200619-0005/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5196\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200619-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5196\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-13692\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-04T16:15:12.657\",\"lastModified\":\"2024-11-21T05:01:44.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.\"},{\"lang\":\"es\",\"value\":\"PostgreSQL JDBC Driver (tambi\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"42.2.13\",\"matchCriteriaId\":\"C8345E93-0BD6-49FB-A82C-219E72541536\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.2\",\"matchCriteriaId\":\"2A9BF484-A446-4315-B748-F4723622C464\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200619-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5196\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200619-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-342

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans PostgreSQL. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PostgreSQL	PostgreSQL	PostgreSQL versions 42.2.x antérieures à 42.2.13

References

Title

Publication Time

CERTFR-2020-AVI-342

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans PostgreSQL. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PostgreSQL	PostgreSQL	PostgreSQL versions 42.2.x antérieures à 42.2.13

References

Title

Publication Time

alsa-2020:3176

Vulnerability from osv_almalinux

Published

2020-07-28 12:19

Modified

2021-11-12 10:20

Summary

Important: postgresql-jdbc security update

Details

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the AlmaLinux Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-3176.html	ADVISORY
	https://vulners.com/cve/CVE-2020-13692	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "postgresql-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "42.2.3-3.el8_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "postgresql-jdbc-javadoc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "42.2.3-3.el8_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.\n\nSecurity Fix(es):\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)\n\nThis update introduces a backwards incompatible change required to resolve this issue. Refer to the AlmaLinux Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2020:3176",
  "modified": "2021-11-12T10:20:55Z",
  "published": "2020-07-28T12:19:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-3176.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-13692"
    }
  ],
  "related": [
    "CVE-2020-13692"
  ],
  "summary": "Important: postgresql-jdbc security update"
}

BDU:2022-03872

Vulnerability from fstec - Published: 01.06.2020

Title

Уязвимость драйвера JDBC (PgJDBC) для подключения Java-программ к базе данных PostgreSQL, позволяющая нарушителю проводить XXE-атаки

Description

Уязвимость драйвера JDBC (PgJDBC) для подключения Java-программ к базе данных PostgreSQL связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить XXE-атаки

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

Vendor

Red Hat Inc., Fedora Project, PostgreSQL Global Development Group, АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Jboss Fuse, OpenShift Application Runtimes, Red Hat Descision Manager, Fedora, Red Hat Process Automation, Red Hat Integration Camel K, pgjdbc, Red Hat Integration, Red Hat AMQ Online, Quarkus, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 7 (Jboss Fuse), 1.0 (OpenShift Application Runtimes), 7 (Red Hat Descision Manager), 32 (Fedora), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7 (Red Hat Process Automation), - (Red Hat Integration Camel K), до 42.2.13 (pgjdbc), - (Red Hat Integration), - (Red Hat AMQ Online), до 1.5.2 включительно (Quarkus), до 2.6 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для PgJDBC: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-13692 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения libpgjava до версии 42.2.5-2+deb10u2

Reference

https://nvd.nist.gov/vuln/detail/cve-2020-13692 https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/ https://security.netapp.com/advisory/ntap-20200619-0005/ https://access.redhat.com/security/cve/cve-2020-13692 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/

CWE

CWE-611

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:P/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Fedora Project, PostgreSQL Global Development Group, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 7 (Jboss Fuse), 1.0 (OpenShift Application Runtimes), 7 (Red Hat Descision Manager), 32 (Fedora), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7 (Red Hat Process Automation), - (Red Hat Integration Camel K), \u0434\u043e 42.2.13 (pgjdbc), - (Red Hat Integration), - (Red Hat AMQ Online), \u0434\u043e 1.5.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Quarkus), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f PgJDBC:\nhttps://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 \n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/ \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-13692\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libpgjava \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 42.2.5-2+deb10u2",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.06.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03872",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-13692",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Jboss Fuse, OpenShift Application Runtimes, Red Hat Descision Manager, Fedora, Red Hat Process Automation, Red Hat Integration Camel K, pgjdbc, Red Hat Integration, Red Hat AMQ Online, Quarkus, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 32 , Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 JDBC (PgJDBC) \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b (CWE-611)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 JDBC (PgJDBC) \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f Java-\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/cve-2020-13692\nhttps://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 \nhttps://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 \nhttps://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E  \nhttps://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E \nhttps://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E \nhttps://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E \nhttps://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E \nhttps://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E \nhttps://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E \nhttps://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E \nhttps://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/ \nhttps://security.netapp.com/advisory/ntap-20200619-0005/\nhttps://access.redhat.com/security/cve/cve-2020-13692\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-611",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}

CNVD-2020-35974

Vulnerability from cnvd - Published: 2020-07-02

Title

PostgreSQL JDBC Driver代码问题漏洞

Description

PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性，例如外键、触发器、视图等。 PostgreSQL JDBC Driver (PgJDBC) 42.2.13之前版本中存在代码问题漏洞，该漏洞源于程序未能正确处理XML外部实体。远程攻击者可借助特制数据利用该漏洞获取敏感信息。

Severity

高

Patch Name

PostgreSQL JDBC Driver代码问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-13692

Impacted products

Name
Postgresql JDBC Driver (PgJDBC) <42.2.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-13692"
    }
  },
  "description": "PostgreSQL\u662fPostgreSQL\u7ec4\u7ec7\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u5927\u90e8\u5206SQL\u6807\u51c6\u5e76\u4e14\u63d0\u4f9b\u4e86\u8bb8\u591a\u5176\u4ed6\u7279\u6027\uff0c\u4f8b\u5982\u5916\u952e\u3001\u89e6\u53d1\u5668\u3001\u89c6\u56fe\u7b49\u3002\n\nPostgreSQL JDBC Driver (PgJDBC) 42.2.13\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406XML\u5916\u90e8\u5b9e\u4f53\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-35974",
  "openTime": "2020-07-02",
  "patchDescription": "PostgreSQL\u662fPostgreSQL\u7ec4\u7ec7\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u5927\u90e8\u5206SQL\u6807\u51c6\u5e76\u4e14\u63d0\u4f9b\u4e86\u8bb8\u591a\u5176\u4ed6\u7279\u6027\uff0c\u4f8b\u5982\u5916\u952e\u3001\u89e6\u53d1\u5668\u3001\u89c6\u56fe\u7b49\u3002\r\n\r\nPostgreSQL JDBC Driver (PgJDBC) 42.2.13\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406XML\u5916\u90e8\u5b9e\u4f53\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PostgreSQL JDBC Driver\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Postgresql JDBC Driver (PgJDBC) \u003c42.2.13"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-05",
  "title": "PostgreSQL JDBC Driver\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2020-13692

Vulnerability from fkie_nvd - Published: 2020-06-04 16:15 - Updated: 2024-11-21 05:01

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

Summary

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

References

URL	Tags
cve@mitre.org	https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65	Patch, Third Party Advisory
cve@mitre.org	https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13	Release Notes, Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200619-0005/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5196	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200619-0005/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5196	Third Party Advisory

Impacted products

Vendor	Product	Version
postgresql	postgresql_jdbc_driver	*
quarkus	quarkus	*
netapp	steelstore_cloud_integrated_storage	-
fedoraproject	fedora	32
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8345E93-0BD6-49FB-A82C-219E72541536",
              "versionEndExcluding": "42.2.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9BF484-A446-4315-B748-F4723622C464",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
    },
    {
      "lang": "es",
      "value": "PostgreSQL JDBC Driver (tambi\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE"
    }
  ],
  "id": "CVE-2020-13692",
  "lastModified": "2024-11-21T05:01:44.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-04T16:15:12.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5196"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-88CC-G835-76RP

Vulnerability from github – Published: 2022-02-10 00:30 – Updated: 2024-05-15 06:44

Summary

Improper Restriction of XML External Entity Reference

Details

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Severity ?

7.7 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.postgresql:postgresql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.1212.jre6"
            },
            {
              "fixed": "42.2.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-13692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-14T21:31:45Z",
    "nvd_published_at": "2020-06-04T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
  "id": "GHSA-88cc-g835-76rp",
  "modified": "2024-05-15T06:44:16Z",
  "published": "2022-02-10T00:30:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
    },
    {
      "type": "WEB",
      "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200619-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Restriction of XML External Entity Reference"
}

GSD-2020-13692

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Aliases

CVE-2020-13692

Aliases

CVE-2020-13692

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-13692",
    "description": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
    "id": "GSD-2020-13692",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-13692.html",
      "https://access.redhat.com/errata/RHSA-2021:0110",
      "https://access.redhat.com/errata/RHSA-2020:5568",
      "https://access.redhat.com/errata/RHSA-2020:3678",
      "https://access.redhat.com/errata/RHSA-2020:3675",
      "https://access.redhat.com/errata/RHSA-2020:3286",
      "https://access.redhat.com/errata/RHSA-2020:3285",
      "https://access.redhat.com/errata/RHSA-2020:3284",
      "https://access.redhat.com/errata/RHSA-2020:3283",
      "https://access.redhat.com/errata/RHSA-2020:3248",
      "https://access.redhat.com/errata/RHSA-2020:3209",
      "https://access.redhat.com/errata/RHSA-2020:3176",
      "https://access.redhat.com/errata/RHSA-2020:3005",
      "https://advisories.mageia.org/CVE-2020-13692.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-13692.html",
      "https://linux.oracle.com/cve/CVE-2020-13692.html",
      "https://www.debian.org/security/2022/dsa-5196",
      "https://ubuntu.com/security/CVE-2020-13692"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-13692"
      ],
      "details": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
      "id": "GSD-2020-13692",
      "modified": "2023-12-13T01:21:46.976277Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-13692",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
            "refsource": "CONFIRM",
            "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
          },
          {
            "name": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
            "refsource": "CONFIRM",
            "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
          },
          {
            "name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-5a31ccfe66",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
          },
          {
            "name": "DSA-5196",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5196"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,42.2.13)",
          "affected_versions": "All versions before 42.2.13",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-611",
            "CWE-937"
          ],
          "date": "2022-02-10",
          "description": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
          "fixed_versions": [
            "42.2.13"
          ],
          "identifier": "CVE-2020-13692",
          "identifiers": [
            "GHSA-88cc-g835-76rp",
            "CVE-2020-13692"
          ],
          "not_impacted": "All versions starting from 42.2.13",
          "package_slug": "maven/org.postgresql/postgresql",
          "pubdate": "2022-02-10",
          "solution": "Upgrade to version 42.2.13 or above.",
          "title": "Improper Restriction of XML External Entity Reference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
            "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
            "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
            "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E",
            "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E",
            "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E",
            "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/",
            "https://security.netapp.com/advisory/ntap-20200619-0005/",
            "https://github.com/advisories/GHSA-88cc-g835-76rp"
          ],
          "uuid": "0c0eb85a-b030-42e1-aaab-414d341bde5f"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "42.2.13",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13692"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
            },
            {
              "name": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
            },
            {
              "name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-5a31ccfe66",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
            },
            {
              "name": "DSA-5196",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5196"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.5
        }
      },
      "lastModifiedDate": "2022-12-13T15:02Z",
      "publishedDate": "2020-06-04T16:15Z"
    }
  }
}

RHSA-2020:3005

Vulnerability from csaf_redhat - Published: 2020-07-20 20:49 - Updated: 2026-05-14 22:30

Summary

Red Hat Security Advisory: Red Hat Integration Debezium 1.1.3 security update

Severity

Important

Notes

Topic: An update for Debezium PostgreSQL connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: PostgreSQL is an advanced object-relational database management system. The Debezium PostgreSQL connector includes JDBC driver to access a PostgreSQL database. Security Fix(es): * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-13692

A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Integration Debezium 1.1.3 Red Hat / Red Hat Integration	`cpe:/a:redhat:integration:1`	—	Vendor Fix fix

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:3005	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852985	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-13692	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852985	external
https://www.cve.org/CVERecord?id=CVE-2020-13692	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13692	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Debezium PostgreSQL connector is now available for Red Hat Integration.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PostgreSQL is an advanced object-relational database management system. The Debezium PostgreSQL connector includes JDBC driver to access a PostgreSQL database.\n\nSecurity Fix(es):\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:3005",
        "url": "https://access.redhat.com/errata/RHSA-2020:3005"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2020-Q2",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2020-Q2"
      },
      {
        "category": "external",
        "summary": "1852985",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3005.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Integration Debezium 1.1.3 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:30:10+00:00",
      "generator": {
        "date": "2026-05-14T22:30:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:3005",
      "initial_release_date": "2020-07-20T20:49:48+00:00",
      "revision_history": [
        {
          "date": "2020-07-20T20:49:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-07-20T20:49:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:30:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Integration Debezium 1.1.3",
                "product": {
                  "name": "Red Hat Integration Debezium 1.1.3",
                  "product_id": "Red Hat Integration Debezium 1.1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Integration"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13692",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852985"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration Debezium 1.1.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13692"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852985",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13692"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692"
        }
      ],
      "release_date": "2020-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-20T20:49:48+00:00",
          "details": "To apply this update just follow standard installation procedure\n\nhttps://access.redhat.com/documentation/en-us/red_hat_integration/2020-q2/html/installing_debezium_on_openshift/installing_debezium_connectors",
          "product_ids": [
            "Red Hat Integration Debezium 1.1.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:3005"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration Debezium 1.1.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML"
    }
  ]
}

RHSA-2020:3176

Vulnerability from csaf_redhat - Published: 2020-07-28 12:42 - Updated: 2026-05-14 22:30

Summary

Red Hat Security Advisory: postgresql-jdbc security update

Severity

Important

Notes

Topic: An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 04 August 2020] This advisory has been updated with a reference to the Red Hat Knowledgebase article 5266441. This update does not change the packages in any way.

Details: PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fix(es): * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) This update introduces a backwards incompatible change required to resolve this issue. Refer to the Red Hat Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-13692

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.src	—	Vendor Fix fix
Unresolved product id: AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch	—	Vendor Fix fix

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:3176	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/articles/5266441	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852985	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-13692	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852985	external
https://www.cve.org/CVERecord?id=CVE-2020-13692	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13692	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 04 August 2020]\nThis advisory has been updated with a reference to the Red Hat Knowledgebase article 5266441. This update does not change the packages in any way.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.\n\nSecurity Fix(es):\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)\n\nThis update introduces a backwards incompatible change required to resolve this issue. Refer to the Red Hat Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:3176",
        "url": "https://access.redhat.com/errata/RHSA-2020:3176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/5266441",
        "url": "https://access.redhat.com/articles/5266441"
      },
      {
        "category": "external",
        "summary": "1852985",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3176.json"
      }
    ],
    "title": "Red Hat Security Advisory: postgresql-jdbc security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:30:09+00:00",
      "generator": {
        "date": "2026-05-14T22:30:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:3176",
      "initial_release_date": "2020-07-28T12:42:18+00:00",
      "revision_history": [
        {
          "date": "2020-07-28T12:42:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-08-04T14:15:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:30:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.2.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
                "product": {
                  "name": "postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
                  "product_id": "postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.3-3.el8_2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch",
                "product": {
                  "name": "postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch",
                  "product_id": "postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql-jdbc-javadoc@42.2.3-3.el8_2?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql-jdbc-0:42.2.3-3.el8_2.src",
                "product": {
                  "name": "postgresql-jdbc-0:42.2.3-3.el8_2.src",
                  "product_id": "postgresql-jdbc-0:42.2.3-3.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.3-3.el8_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-jdbc-0:42.2.3-3.el8_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.noarch"
        },
        "product_reference": "postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-jdbc-0:42.2.3-3.el8_2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.src"
        },
        "product_reference": "postgresql-jdbc-0:42.2.3-3.el8_2.src",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch"
        },
        "product_reference": "postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch",
        "relates_to_product_reference": "AppStream-8.2.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13692",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852985"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
          "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.src",
          "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13692"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852985",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13692"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692"
        }
      ],
      "release_date": "2020-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-28T12:42:18+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.noarch",
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-0:42.2.3-3.el8_2.src",
            "AppStream-8.2.0.Z.MAIN.EUS:postgresql-jdbc-javadoc-0:42.2.3-3.el8_2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-13692 (GCVE-0-2020-13692)

Solution

Solution

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature