Security
Headlines
HeadlinesLatestCVEs

Headline

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases.

msrc-blog
#sql#vulnerability#rce#perl#auth#postgres

msrc-blog: Latest News

Securing AI and Cloud with the Zero Day Quest