
PostgreSQL multiple commands security bypass vulnerability [CVE-2022-1552]

CVE number = CVE-2022-1552

PostgreSQL could allow a remote authenticated attacker to bypass security restrictions. The issue is caused by the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands not activating protection, or activating it too late.

By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under a superuser identity.

Upgrade to the latest version of PostgreSQL (10.21, 11.16, 12.11, 13.7, 14.3 or later), available from the PostgreSQL Web site.
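To check servers against the fixed releases listed above, this added example (not from the original article or the PostgreSQL project) classifies the output of `SHOW server_version` or `SHOW server_version_num`. The host names and version strings in the sample inventory are constructed, and treating major versions above 14 as fixed is an assumption.

```python
import re

# Fixed minor release per major branch, as listed in the advisory text above.
FIXED_MINOR = {10: 21, 11: 16, 12: 11, 13: 7, 14: 3}


def parse_version(value):
    """Return (major, minor) from server_version or server_version_num output.

    Returns None for pre-10 three-part versions and unparseable input.
    """
    text = str(value).strip()
    if re.fullmatch(r"\d{5,6}", text):           # server_version_num, e.g. 130006
        num = int(text)
        if num < 100000:                         # 9.x and older numbering scheme
            return None
        return num // 10000, num % 10000
    m = re.match(r"(\d+)\.(\d+)(\.\d+)?", text)  # e.g. "13.6 (Debian 13.6-1)"
    if not m or m.group(3) or int(m.group(1)) < 10:
        return None
    return int(m.group(1)), int(m.group(2))


def check_cve_2022_1552(value):
    """Classify a server as 'vulnerable', 'fixed' or 'unknown'."""
    parsed = parse_version(value)
    if parsed is None:
        return "unknown"                         # branch not listed in the advisory
    major, minor = parsed
    if major in FIXED_MINOR:
        return "fixed" if minor >= FIXED_MINOR[major] else "vulnerable"
    # Assumption: majors above 14 were released after the listed fixes.
    return "fixed" if major > max(FIXED_MINOR) else "unknown"


# Constructed sample inventory: host name -> reported version.
SAMPLE_INVENTORY = {
    "db-prod-1": "13.6 (Debian 13.6-1.pgdg110+1)",
    "db-prod-2": "14.3",
    "db-legacy": "9.6.24",
    "db-report": "100020",
}


def audit(inventory):
    return {host: check_cve_2022_1552(v) for host, v in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Servers reported as `unknown` run a branch the advisory does not list and need a manual review.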

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
