PT-2024-31639 · Enterprisedb · Enterprisedb Postgres Advanced Server

Published

2024-05-09

Updated

2024-05-14

CVE-2024-4545

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server (EPAS) versions 15.0 through 15.6.x EnterpriseDB Postgres Advanced Server (EPAS) versions 16.0 through 16.2.x

Description: The issue allows users utilizing edbldr to bypass role permissions from pg read server files, potentially enabling low-privilege users to access files they would not normally have access to.

Recommendations: For versions 15.0 through 15.6.x, update to version 15.7.0 or later. For versions 16.0 through 16.2.x, update to version 16.3.0 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2024-4545

Affected Products

Enterprisedb Postgres Advanced Server

PT-2024-31639 · Enterprisedb · Enterprisedb Postgres Advanced Server

CVE-2024-4545

Weakness Enumeration

Related Identifiers

Affected Products

References · 4