A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
CVE-2022-1552
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2022-09-01. NVD baseline CVSS 8.8; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 8.8
- EG Score
- 8.8(medium)
- EPSS
- 95.7%
- KEV
- Not listed
Published
August 31, 2022
Last Modified
November 21, 2024
References (12)
- secalert@redhathttps://access.redhat.com/security/cve/CVE-2022-1552
- secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=2081126
- secalert@redhathttps://security.gentoo.org/glsa/202211-04
- secalert@redhathttps://security.netapp.com/advisory/ntap-20221104-0005/
- secalert@redhathttps://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
- secalert@redhathttps://www.postgresql.org/support/security/CVE-2022-1552/
- af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2022-1552
- af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2081126
- af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202211-04
- af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221104-0005/
- af854a3a-2127-422b-91ae-364da2661108https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
- af854a3a-2127-422b-91ae-364da2661108https://www.postgresql.org/support/security/CVE-2022-1552/
Vendor Advisories for CVE-2022-1552(14)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2022:5162Red Hat Product SecurityHigh
Red Hat Security Advisory: postgresql security update
- RHSA-2022:4929Red Hat Product SecurityHigh
Red Hat Security Advisory: rh-postgresql13-postgresql security update
- RHSA-2022:4913Red Hat Product SecurityHigh
Red Hat Security Advisory: rh-postgresql10-postgresql security update
- RHSA-2022:4915Red Hat Product SecurityHigh
Red Hat Security Advisory: rh-postgresql12-postgresql security update
- RHSA-2022:4895Red Hat Product SecurityHigh
Red Hat Security Advisory: postgresql:10 security update
- RHSA-2022:4893Red Hat Product SecurityHigh
Red Hat Security Advisory: postgresql:12 security update
- RHSA-2022:4894Red Hat Product SecurityHigh
Red Hat Security Advisory: postgresql:10 security update
- RHSA-2022:4857Red Hat Product SecurityHigh
Red Hat Security Advisory: postgresql:13 security update
- +6 more
Patch Availability(16)
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Additional Vendor Advisories
(3)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
- Microsoft MSRCCVE-2022-15522022-09-08
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum REINDEX CREATE INDEX REFRESH MATERIALIZED VIEW CLUSTER and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
- UbuntuUSN-5440-1MEDIUM
PostgreSQL vulnerability
- UbuntuUSN-5676-1MEDIUM
PostgreSQL vulnerability
Data Freshness Timeline
(refreshed 7× in last 7d / 40× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-11 08:25 UTCEPSS rescore
- 2026-07-09 19:07 UTCEPSS rescore
- 2026-07-09 19:07 UTCEPSS rescore
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 02:21 UTCEPSS rescore
- 2026-07-06 02:21 UTCEPSS rescore
- 2026-07-05 02:28 UTCEPSS rescore
- 2026-07-05 02:28 UTCEPSS rescore
- 2026-07-01 15:04 UTCEPSS rescore
- 2026-06-30 23:20 UTCEPSS rescore
- 2026-06-29 14:04 UTCEPSS rescore
- 2026-06-29 14:04 UTCEPSS rescore
- 2026-06-28 19:32 UTCOSV refresh
- 2026-06-28 14:05 UTCEPSS rescore
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-27 03:07 UTCEPSS rescore
- 2026-06-27 03:06 UTCEPSS rescore
- 2026-06-25 13:48 UTCEPSS rescore
- 2026-06-25 13:48 UTCEPSS rescore
- 2026-06-24 14:03 UTCEPSS rescore
- 2026-06-24 14:03 UTCEPSS rescore
- 2026-06-23 21:31 UTCEPSS rescore
- 2026-06-23 21:31 UTCEPSS rescore
Show 51 moreShow fewer
- 2026-06-22 14:24 UTCEPSS rescore
- 2026-06-21 14:55 UTCEPSS rescore
- 2026-06-21 01:58 UTCEPSS rescore
- 2026-06-21 01:58 UTCEPSS rescore
- 2026-06-18 17:51 UTCEPSS rescore
- 2026-06-18 17:51 UTCEPSS rescore
- 2026-06-17 17:51 UTCEPSS rescore
- 2026-06-17 17:51 UTCEPSS rescore
- 2026-06-16 17:51 UTCEPSS rescore
- 2026-06-15 17:46 UTCEPSS rescore
- 2026-06-14 23:15 UTCEPSS rescore
- 2026-06-14 23:15 UTCEPSS rescore
- 2026-06-13 22:58 UTCEPSS rescore
- 2026-06-13 22:58 UTCEPSS rescore
- 2026-06-12 23:10 UTCEPSS rescore
- 2026-06-11 13:58 UTCEPSS rescore
- 2026-06-11 13:39 UTCOSV refresh
- 2026-06-10 22:16 UTCEPSS rescore
- 2026-06-10 13:20 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-06 13:46 UTCEPSS rescore
- 2026-06-06 13:46 UTCEPSS rescore
- 2026-06-05 22:45 UTCEPSS rescore
- 2026-06-05 22:45 UTCEPSS rescore
- 2026-06-05 06:09 UTCEPSS rescore
- 2026-06-05 06:09 UTCEPSS rescore
- 2026-06-04 13:11 UTCEPSS rescore
- 2026-06-04 13:10 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-06-01 13:50 UTCEPSS rescore
- 2026-06-01 13:50 UTCEPSS rescore
- 2026-05-31 22:29 UTCEPSS rescore
- 2026-05-31 00:15 UTCEPSS rescore
- 2026-05-31 00:15 UTCEPSS rescore
- 2026-05-29 13:42 UTCEPSS rescore
- 2026-05-28 13:43 UTCEPSS rescore
- 2026-05-28 13:43 UTCEPSS rescore
- 2026-05-27 13:39 UTCEPSS rescore
- 2026-05-27 13:39 UTCEPSS rescore
- 2026-05-26 13:43 UTCEPSS rescore
- 2026-05-26 13:42 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-25 16:13 UTCEG score recompute
- 2026-05-25 16:13 UTCVendor advisory
- 2026-05-25 16:13 UTCGHSA enrichment
Related CVEs(same vendor + same CWE)
Same vendor
10 shownmsrc · redhat
Frequently asked(5)
What is CVE-2022-1552?
When was CVE-2022-1552 disclosed?
Is CVE-2022-1552 actively exploited?
What is the CVSS score of CVE-2022-1552?
How do I remediate CVE-2022-1552?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2022-1552
Is Your Infrastructure Affected by CVE-2022-1552?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.