Description
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Remediation
References
Related Vulnerabilities
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3731)
WordPress Plugin Quick Chat Cross-Site Scripting (4.14)
Spring Cloud Gateway Incorrect Authorization Vulnerability (CVE-2021-22051)