CVE-2022-21724 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-21724 Interim 1 19 2023-01-06T00:47:45Z current 2022-02-05T02:43:29Z 2023-01-06T00:47:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-21724 pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2022-June/011318.html E-Mail link for SUSE-SU-2022:2143-1 https://lists.suse.com/pipermail/sle-security-updates/2022-June/011317.html E-Mail link for SUSE-SU-2022:2145-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server Business Critical Linux 15 SP3 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Manager Retail Branch Server 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Manager Server 4.2 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Manager Server Module 4.1 SUSE Manager Server Module 4.2 SUSE Manager Server Module 4.3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 postgresql-jdbc postgresql-jdbc-42.2.10-150200.3.8.2 postgresql-jdbc-42.2.10-150200.3.8.2 as a component of SUSE Manager Server Module 4.1 postgresql-jdbc as a component of HPE Helion OpenStack 8 postgresql-jdbc as a component of SUSE Enterprise Storage 7.1 postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS postgresql-jdbc as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 postgresql-jdbc as a component of SUSE Linux Enterprise Real Time 15 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server 11 SP1 postgresql-jdbc as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata postgresql-jdbc as a component of SUSE Linux Enterprise Server 11 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP2-BCL postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP3-BCL postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP3-ESPOS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP3-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP4-LTSS postgresql-jdbc as a component of SUSE Linux Enterprise Server 12 SP5 postgresql-jdbc as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server Teradata 12 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 postgresql-jdbc as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 postgresql-jdbc as a component of SUSE Manager Proxy 4.2 postgresql-jdbc as a component of SUSE Manager Retail Branch Server 4.2 postgresql-jdbc as a component of SUSE Manager Server 4.2 postgresql-jdbc as a component of SUSE Manager Server Module 4.2 postgresql-jdbc as a component of SUSE Manager Server Module 4.3 postgresql-jdbc as a component of SUSE OpenStack Cloud 8 postgresql-jdbc as a component of SUSE OpenStack Cloud 9 postgresql-jdbc as a component of SUSE OpenStack Cloud Crowbar 8 postgresql-jdbc as a component of SUSE OpenStack Cloud Crowbar 9 pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. CVE-2022-21724 SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-150200.3.8.2 HPE Helion OpenStack 8:postgresql-jdbc SUSE Enterprise Storage 7.1:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 12 SP5:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:postgresql-jdbc SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc SUSE Linux Enterprise Module for Server Applications 15 SP3:postgresql-jdbc SUSE Linux Enterprise Module for Server Applications 15 SP4:postgresql-jdbc SUSE Linux Enterprise Real Time 15 SP3:postgresql-jdbc SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql-jdbc SUSE Linux Enterprise Server 11 SP1:postgresql-jdbc SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql-jdbc SUSE Linux Enterprise Server 11 SP3:postgresql-jdbc SUSE Linux Enterprise Server 12 SP2-BCL:postgresql-jdbc SUSE Linux Enterprise Server 12 SP3-BCL:postgresql-jdbc SUSE Linux Enterprise Server 12 SP3-ESPOS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP4-ESPOS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc SUSE Linux Enterprise Server Business Critical Linux 15 SP3:postgresql-jdbc SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 12 SP4:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc SUSE Manager Proxy 4.2:postgresql-jdbc SUSE Manager Retail Branch Server 4.2:postgresql-jdbc SUSE Manager Server 4.2:postgresql-jdbc SUSE Manager Server Module 4.2:postgresql-jdbc SUSE Manager Server Module 4.3:postgresql-jdbc SUSE OpenStack Cloud 8:postgresql-jdbc SUSE OpenStack Cloud 9:postgresql-jdbc SUSE OpenStack Cloud Crowbar 8:postgresql-jdbc SUSE OpenStack Cloud Crowbar 9:postgresql-jdbc moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L