CVE-2023-41117

Name of the Vulnerable Software and Affected Versions EnterpriseDB Postgres Advanced Server versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server versions prior to 12.16.20 EnterpriseDB Postgres Advanced Server versions prior to 13.12.16 EnterpriseDB Postgres Advanced Server versions prior to 14.9.0 EnterpriseDB Postgres Advanced Server versions prior to 15.4.0

Description The issue is related to packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search path attacks. This means that the functions are not properly protected and can be exploited by manipulating the search path.

Recommendations For versions prior to 11.21.32, upgrade to version 11.21.32 or later. For versions prior to 12.16.20, upgrade to version 12.16.20 or later. For versions prior to 13.12.16, upgrade to version 13.12.16 or later. For versions prior to 14.9.0, upgrade to version 14.9.0 or later. For versions prior to 15.4.0, upgrade to version 15.4.0 or later. As a temporary workaround, consider restricting access to the vulnerable packages and functions until a patch is applied. Patching of existing clusters is required to fix the issue.