FreeBSD: VID-d331f691-71f4-11ea-8bb5-6cc21735f730 (CVE-2020-1720): PostgreSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Mar 29, 2020 | Mar 30, 2020 | Dec 10, 2025 |
Description
The PostgreSQL project reports:

Versions Affected: 9.6 - 12

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.
Solutions
- freebsd-upgrade-package-postgresql12-server
- freebsd-upgrade-package-postgresql11-server
- freebsd-upgrade-package-postgresql10-server
- freebsd-upgrade-package-postgresql96-server