Attackers could gain higher privileges on database servers running PostgreSQL with the set_user extension installed; the flaw lies in that extension, not in PostgreSQL itself. A patched release is available for download.
The vulnerability (CVE-2021-38140) is rated “critical”. In an advisory, the developers state that they closed it in version 2.0.1 of the set_user extension module. To escalate privileges, an attacker would first have to call the set_user() function and then issue a RESET SESSION AUTHORIZATION statement; that statement is now blocked while a set_user session is active.
How attacks would proceed in practice is currently not known. Given the critical rating, administrators should update affected installations as soon as possible: install the 2.0.1 release on the server and then run ALTER EXTENSION set_user UPDATE in every database in which the extension is installed, since PostgreSQL extensions are installed and versioned per database. Details are available on GitHub.
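Because set_user is a per-database extension, the version recorded in pg_extension has to be checked (and updated) in every database of the cluster, not once per server. The following script is an added example, not part of the original article or of the set_user project: it lists each database with set_user installed and flags any whose catalog version is older than 2.0.1. It assumes psql is on PATH and connects as a superuser through the usual PG* environment variables, that pg_extension.extversion carries the release number (e.g. "2.0.0"), and that the updated shared library has been installed (and the server restarted if set_user is loaded via shared_preload_libraries); the catalog version alone does not prove the library on disk is the fixed one.

```shell
#!/bin/sh
# Added example: find databases in a PostgreSQL cluster whose set_user
# extension predates 2.0.1 (the release that fixes CVE-2021-38140).
# Not part of the article or of set_user itself. Assumes psql is on PATH and
# connects as a superuser via the usual PG* environment variables, and that
# pg_extension.extversion carries the release number (e.g. "2.0.0").
set -eu

MIN_VERSION="2.0.1"

# version_lt A B: true (exit 0) when dotted numeric version A is older than B.
# Missing components count as 0, so "2.0" is older than "2.0.1".
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"
        bi="${b%%.*}"
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai:-0}"
        bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# Extensions are installed per database, so every connectable database in the
# cluster is queried separately; databases without set_user are skipped.
scan_cluster() {
    psql -XAtq -c "SELECT datname FROM pg_database WHERE datallowconn ORDER BY 1" |
    while read -r db; do
        ver=$(psql -XAtq -d "$db" -c \
            "SELECT extversion FROM pg_extension WHERE extname = 'set_user'")
        [ -n "$ver" ] || continue
        if version_lt "$ver" "$MIN_VERSION"; then
            printf 'VULNERABLE  %-24s set_user %s  (run: ALTER EXTENSION set_user UPDATE)\n' "$db" "$ver"
        else
            printf 'ok          %-24s set_user %s\n' "$db" "$ver"
        fi
    done
}

# The scan runs only when explicitly requested, so the file can also be
# sourced for the version_lt helper alone.
if [ "${1:-}" = "scan" ]; then
    scan_cluster
fi
```

Run it as `sh check_set_user.sh scan`. For every database reported as VULNERABLE, install the 2.0.1 files on the server and then execute ALTER EXTENSION set_user UPDATE in that database; the catalog version only changes after that statement, so replacing the files alone is not enough. The version comparison is purely numeric and does not handle suffixes such as release candidates.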