Operational Defect Database
BugZero found this defect 461 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft SQL Server | 2094950
Any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege-level role can create or overwrite arbitrary files on the computer that's hosting SQL Server as the account that's running the SQL Server service (default account is NT SERVICE\MSSQLSERVER).
Last update date:
2/14/2023
Affected products:
SQL Server 2016 on Linux
SQL Server 2016 on Windows
Affected releases:
build lower than 13.0.7024.30
Fixed releases:
13.0.7024.30
Description:
Any member who has the DQS KB Operator (dqs_kb_operator) role or a higher privilege-level role can create or overwrite arbitrary files on the computer that's hosting SQL Server as the account that's running the SQL Server service (default account is NT SERVICE\MSSQLSERVER).
