CVE-2020-10733 Vulnerability Details

  /     /     /  

CVE-2020-10733 Metadata Quick Info

CVE Published: 16/09/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: redhat | Vendor: n/a | Product: PostgreSQL
Status : PUBLISHED

---

CVE-2020-10733 Description

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer\'s administrative rights.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-426
CWE Name: CWE-426
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).