Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-41113: CVE-2023-41113 - EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.

CVE
#sql#vulnerability#auth#ssh#postgres

First Published: 2023/08/21

Last Updated: 2023/08/30

Summary

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.

Vulnerability details

CVE-ID: CVE-2023-41113

CVSS Base Score: 4.3

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products and versions

EnterpriseDB Postgres Advanced Server (EPAS)

  • All versions prior to 11.21.32
  • All versions prior to 12.16.20
  • All versions prior to 13.12.17
  • All versions prior to 14.9.0
  • All versions prior to 15.4.0

Impacted users must upgrade to a fixed version of EPAS and then patch existing database instance clusters using edb_sqlpatch. Users running unsupported versions of EPAS should upgrade to receive these updates. For questions about updating, users can contact their account representative or contact EDB.

Update

30 Aug 2023 - Added recommendation to Remediation to patch existing clusters

Warning:

The patch modifies the definitions of system objects inside the database, some behavioral differences may be noticeable after applying fixes. Affected users should confirm whether any of the provided fixes are likely to affect applications running against the database prior to applying them.

References

  • CVSS Calculator v3.1

  • EnterpriseDB

  • PostgreSQL

  • EDB Postgres Advanced Server

  • EDB Blogs link

Acknowledgement

EnterpriseDB

Change history

  • 21 August 2023: Original Copy Published
  • 28 August 2023: Updated with assigned CVE number
  • 30 August 2023: Updated with Remediation to patch existing clusters

Disclaimer

This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907