PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server

Published: 2023-04-23 · Updated: 2025-02-04 · CVE-2023-31043

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

EnterpriseDB EDB Postgres Advanced Server (EPAS) versions prior to 10.23.33
EnterpriseDB EDB Postgres Advanced Server (EPAS) versions prior to 11.18.29
EnterpriseDB EDB Postgres Advanced Server (EPAS) versions prior to 12.13.17
EnterpriseDB EDB Postgres Advanced Server (EPAS) versions prior to 13.9.13
EnterpriseDB EDB Postgres Advanced Server (EPAS) versions prior to 14.6.0

Description

The issue concerns the logging of unredacted passwords in certain situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE commands and password redaction was configured using edb_filter_log.redact_password_commands.

Recommendations

For versions prior to 10.23.33, update to version 10.23.33 or later.
For versions prior to 11.18.29, update to version 11.18.29 or later.
For versions prior to 12.13.17, update to version 12.13.17 or later.
For versions prior to 13.9.13, update to version 13.9.13 or later.
For versions prior to 14.6.0, update to version 14.6.0 or later.

Fix

Weakness Enumeration: Cleartext Storage of Sensitive Information

Related Identifiers: CVE-2023-31043

Affected Products: Edb Postgres Advanced Server