#postgres

Debian Linux Security Advisory 5745-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

Red Hat Security Advisory 2024-5056-03 - Red Hat Integration Camel K 1.10.7 release and security update is now available.

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

### Summary Probably jwt bypass + sql injection or what i'm doing wrong? ### PoC (how to reproduce) 1. Create following files: docker-compose.yml: ``` services: postgres: image: postgres container_name: postgres_container_mre environment: POSTGRES_USER: test_user_pg POSTGRES_PASSWORD: test_pass_pg POSTGRES_DB: test_db prest: image: prest/prest build: . volumes: - ./queries:/queries - ./migrations:/migrations ports: - "3000:3000" ``` Dockerfile: ``` from prest/prest:latest COPY ./prest.toml prest.toml ``` prest.toml: ``` debug=false migrations = "./migrations" [http] port = 3000 [jwt] default = true key = "secret" algo = "HS256" [auth] enabled = true type = "body" encrypt = "MD5" table = "prest_users" username = "username" password = "password" [pg] URL = "postgresql://test_user_pg:test_pass_pg@postgres:5432/test_db/?sslmode=disable" [ssl] mode = "disable" sslcert = "./PATH" sslkey = "./PATH" sslrootcert = "....

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection. This issue affects Apache Superset: before 4.0.2. Users are recommended to upgrade to version 4.0.2, which fixes the issue.

Red Hat Security Advisory 2024-4402-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

GeoServer's Server Status page and REST API (at `/geoserver/rest/about/status`) lists *all* environment variables and Java properties to *any* GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens, for example: * Data stores defined with [parameterized catalog settings][catalog] (`-DALLOW_ENV_PARAMETRIZATION=true`) which need a password or access key. * GeoServer's official Docker image [uses environment variables to configure PostgreSQL JNDI resources, including credentials][docker-jndi] (`POSTGRES_HOST`, `POSTGRES_USERNAME`, `POSTGRES_PASSWORD`) Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process, such as: * GeoServer `admin` and master (`root`) passwords * Tomcat management application password * HTTPS/TLS cer...

### Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. ### Patches The algorithm to detect SQL injection has been improved. ### Workarounds None. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r - https://github.com/parse-community/parse-server/pull/9167 (fix for Parse Server 7) - https://github.com/parse-community/parse-server/pull/9168 (fix for Parse Server 6) ### Credits - Smile Thanapattheerakul of Trend Micro (finder) - Manuel Trezza (coordinator)

Red Hat Security Advisory 2024-4057-03 - Release of OpenShift Serverless Logic 1.33.0. Issues addressed include cross site scripting and denial of service vulnerabilities.

Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.