pgaudit/set_user

Releases21

Frequency5 months 3 weeks

Last Release 9 months ago

Stars77

PostgreSQL extension allowing privilege escalation with enhanced logging and control

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-41558 ↗	Sep 27, 2021Monday, 27 September 2021, 17:15	9.8 CRITICAL	7.5 HIGH
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
CVE-2021-38140 ↗	Aug 10, 2021Tuesday, 10 August 2021, 18:15	9.8 CRITICAL	7.5 HIGH
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().