Summary
TimescaleDB installation uses commands such as CREATE x IF NOT EXISTS, which allow non-superusers to pre-create objects. These objects are then used during installation, which executes as superuser, leading to privilege escalation.
To take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into that database. When TimescaleDB is installed as a trusted extension, non-superusers can install the extension without help from a superuser.
Fix:
Upgrade to TimescaleDB 2.5.2+ or 2.6.0+.
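The following PostgreSQL snippet is an added illustration for this advisory; it is not TimescaleDB's install script or its actual fix. It shows why the IF NOT EXISTS pattern is risky when the creating session runs as superuser (the object already present is silently adopted instead of the statement failing), contrasts it with the fail-closed form, and gives the audit queries a DBA can run before installing or upgrading: the installed extension version, whether the extension is marked trusted, and which objects in the extension's schemas are owned by non-superuser roles. The schema name ext_internal and the role name app_user are hypothetical.

```sql
-- Added example (not TimescaleDB's own code). Schema/role names are hypothetical.

-- Risky pattern: if a non-superuser created ext_internal earlier, this statement
-- succeeds without error and the installer keeps using that attacker-owned schema.
CREATE SCHEMA IF NOT EXISTS ext_internal;

-- Fail-closed pattern: a plain CREATE raises "already exists" and aborts the
-- install, so nothing pre-planted can be reused by the superuser session.
-- CREATE SCHEMA ext_internal;

-- 1. Which TimescaleDB version is installed? (fixed versions: 2.5.2+ / 2.6.0+)
SELECT extname, extversion
  FROM pg_extension
 WHERE extname = 'timescaledb';

-- 2. Is the extension offered as trusted (installable by non-superusers)?
--    pg_available_extension_versions exposes the trusted flag on PostgreSQL 13+.
SELECT name, version, installed, superuser, trusted
  FROM pg_available_extension_versions
 WHERE name = 'timescaledb';

-- 3. Pre-install audit: schemas the extension would use that are owned by a
--    role without superuser rights. Any row here deserves investigation.
SELECT n.nspname AS schema_name,
       pg_get_userbyid(n.nspowner) AS owner
  FROM pg_namespace n
  JOIN pg_roles r ON r.oid = n.nspowner
 WHERE n.nspname IN ('ext_internal', 'public')   -- hypothetical schema list
   AND NOT r.rolsuper;

-- 4. Same audit for relations (tables, views, sequences) and functions in
--    those schemas: non-superuser-owned objects that an IF NOT EXISTS install
--    step could adopt.
SELECT n.nspname, c.relname AS object_name, c.relkind AS kind,
       pg_get_userbyid(c.relowner) AS owner
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  JOIN pg_roles r ON r.oid = c.relowner
 WHERE n.nspname IN ('ext_internal', 'public')
   AND NOT r.rolsuper
UNION ALL
SELECT n.nspname, p.proname, 'function',
       pg_get_userbyid(p.proowner)
  FROM pg_proc p
  JOIN pg_namespace n ON n.oid = p.pronamespace
  JOIN pg_roles r ON r.oid = p.proowner
 WHERE n.nspname IN ('ext_internal', 'public')
   AND NOT r.rolsuper
 ORDER BY 1, 2;
```

Run the audit queries as a superuser in the target database before issuing CREATE EXTENSION. Any object returned by queries 3 or 4 that was not expected should be inspected and removed (or its ownership explained) before installation proceeds; after upgrading, query 1 confirms the running version is at or above the fixed release.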
Acknowledgements
Timescale would like to thank Pedro Gallegos for reporting this vulnerability.