VDB

GCVE-110-CLOUD-2022-0004

GCVE-110-CLOUD-2022-0004
Advisory Published
Vulnetix · Advisory published December 1, 2022
IBM Cloud Databases for PostgreSQL was vulnerable to an attack sequence comprised of PostgreSQL privilege escalation via SQL Injection and chaining of three secrets scattered in the service environment (a K8s service account token, a private container registry password, and CI/CD server credentials), which were abusable due to overly permissive network access to internal build servers. A malicious actor could have exploited this vulnerability to remotely execute code in other customers’ environments in order to read and modify data stored in their PostgreSQL databases.

Affected Products

VendorProductVersionsPlatforms
IBM CloudCloud Services
IBM CloudIBM Cloud Databases

References

Hell's Keychain
advisory
advisory
advisory

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›