CVE-2023-41113

Name of the Vulnerable Software and Affected Versions EnterpriseDB Postgres Advanced Server (EPAS) versions 11.x through 11.21.31 EnterpriseDB Postgres Advanced Server (EPAS) versions 12.x through 12.16.19 EnterpriseDB Postgres Advanced Server (EPAS) versions 13.x through 13.12.15 EnterpriseDB Postgres Advanced Server (EPAS) versions 14.x through 14.8.99 EnterpriseDB Postgres Advanced Server (EPAS) versions 15.x through 15.3.99

Description The issue allows an authenticated user to obtain information about whether certain files exist on disk, what errors occur when attempting to read them, and some limited information about their contents, regardless of permissions. This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log line prefix and log connections.

Recommendations For versions 11.x through 11.21.31, update to version 11.21.32 or later. For versions 12.x through 12.16.19, update to version 12.16.20 or later. For versions 13.x through 13.12.15, update to version 13.12.16 or later. For versions 14.x through 14.8.99, update to version 14.9.0 or later. For versions 15.x through 15.3.99, update to version 15.4.0 or later.