Operational Defect Database
BugZero found this defect 461 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft SQL Server | 2089289
Any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege-level role can create or overwrite arbitrary files on the computer that's hosting SQL Server as the account that's running the SQL Server service (default account is NT SERVICE\MSSQLSERVER).
Last update date:
2/14/2023
Affected products:
SQL Server 2019 on Linux
SQL Server 2019 on Windows
Affected releases:
build lower than 15.0.2101.7
Fixed releases:
15.0.2101.7
Description:
Any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege-level role can create or overwrite arbitrary files on the computer that's hosting SQL Server as the account that's running the SQL Server service (default account is NT SERVICE\MSSQLSERVER).
