Security
Headlines
HeadlinesLatestCVEs

Tag

#postgres

GHSA-787v-v9vq-4rgv: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable.  This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

ghsa
#sql#vulnerability#web#apache#auth#postgres
GHSA-92qf-8gh3-gwcm: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.

GHSA-vrjr-p3xp-xx2x: phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available

### Summary Exposure of database (ie postgreSQL) server's credential when connection to DB fails. ### Details Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.php#L694 ### PoC When postgreSQL server is unreachable, an error would be thrown exposing the credentials of the database. For instance, when "http://<phpmyfaq-instance>:8080/setup/index.php" is hit when the database instance/server is down, then credentials are exposed, for instance: ``` ( ! ) Warning: pg_connect(): Unable to connect to PostgreSQL server: connection to server at &quot;127.0.0.1&quot;, port 5432 failed: Connection refused Is the server running on that host and accepting TCP/IP connections? in /var/www/html/src/phpMyFAQ/Database/Pgsql.php on line 78 Call Stack # Time Memory Function Location 1 0.0404 453880 {main}( ) .../index.php:0 2 1.1341 610016 phpMyFAQ\Setup\Installer->startInstall( $setup = ??? ) .../index.php...

The Future of eCommerce: How Custom Apps Help You Get Ahead of the Competition

Discover the future of eCommerce with bespoke app development. Learn how tailored solutions enhance user experience, security, and performance while empowering businesses to meet unique needs and gain a competitive edge.

Critical Veeam Vulnerabilities Allow Remote Code Execution – Update Now

SUMMARY Veeam, a leading provider of backup, recovery, and data management solutions, has issued urgent security updates to…

Red Hat Security Advisory 2024-10750-03

Red Hat Security Advisory 2024-10750-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-10739-03

Red Hat Security Advisory 2024-10739-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-10736-03

Red Hat Security Advisory 2024-10736-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-10705-03

Red Hat Security Advisory 2024-10705-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

GHSA-h36c-m3rf-34h9: Access to Archived Argo Workflows with Fake Token in `client` mode

### Summary When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` When using `--auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` ### Details No authentication is performed by the Server itself on `client` tokens[^1]. Authentication & authorization is instead delegated to the k8s API server. However, the [Workflow Archive](https://github.com/argoproj/argo-workflows/blob/52cca7e079a4f6d76db303ac550b1876e51b3865/server/workflowarchive/archived_workflow_server.go) does not interact with k8s, and so any token that [_looks_](https://github.com/argoproj/argo-workflows/blob/52cca7e079a4f6d76db303ac550b1876e51b3865/server/auth/mode.go#L37) [valid](https://github.com/argoproj/argo-workflows/blob/52cca7e079a4f6d76db303ac550b1876e51b3865/server/auth/gatekeeper.go#L185) will be considere...