CVE-2023-41114 - EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL
Suggest editsFirst Published: 2023/08/21
Last Updated: 2023/08/28
Summary
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.
Vulnerability details
CVE-ID: CVE-2023-41114
CVSS Base Score: 6.5
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products and versions
EnterpriseDB Postgres Advanced Server (EPAS)
- All versions prior to 11.21.32
- All versions prior to 12.16.20
- All versions prior to 13.12.17
- All versions prior to 14.9.0
- All versions prior to 15.4.0
Remediation/fixes
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| EPAS | All versions prior to 11.21.32 | Update to latest supported version (at least 11.21.32) |
| EPAS | All versions prior to 12.16.20 | Update to latest supported version (at least 12.16.20) |
| EPAS | All versions prior to 13.12.17 | Update to latest supported version (at least 13.12.17) |
| EPAS | All versions prior to 14.9.0 | Update to latest supported version (at least 14.9.0) |
| EPAS | All versions prior to 15.4.0 | Update to latest supported version (at least 15.4.0) |
Update
No updates as of 28 August 2023
Warning:
The patch modifies the definitions of system objects inside the database, some behavioral differences may be noticeable after applying fixes. Affected users should confirm whether any of the provided fixes are likely to affect applications running against the database prior to applying them.
References
Related information
Acknowledgement
EnterpriseDB
Change history
21 August 2023: Original Copy Published 28 August 2023: Updated with assigned CVE number
Disclaimer
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.
Could this page be better? Report a problem or suggest an addition!