EnterpriseDB Postgres Advanced Server up to 15.3.x get_url_as_text/get_url_as_bytea permission

Summaryinfo

A vulnerability has been found in EnterpriseDB Postgres Advanced Server up to 11.21.31/12.16.19/13.12.15/14.8.x/15.3.x and classified as critical. Affected by this vulnerability is the function get_url_as_text/get_url_as_bytea. Performing a manipulation results in permission. This vulnerability is reported as CVE-2023-41114. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as critical, was found in EnterpriseDB Postgres Advanced Server up to 11.21.31/12.16.19/13.12.15/14.8.x/15.3.x. This affects the function get_url_as_text/get_url_as_bytea. The manipulation with an unknown input leads to a permission vulnerability. CWE is classifying the issue as CWE-275. This is going to have an impact on confidentiality. The summary by CVE is:

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.

The weakness was disclosed 12/12/2023. It is possible to read the advisory at enterprisedb.com. This vulnerability is uniquely identified as CVE-2023-41114 since 08/23/2023. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1222 according to MITRE ATT&CK.

Upgrading to version 11.21.32, 12.16.20, 13.12.16, 14.9.0 or 15.4.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-45633). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• EnterpriseDB

Name

• Postgres Advanced Server

Version

• 11.21.0
• 11.21.1
• 11.21.2
• 11.21.3
• 11.21.4
• 11.21.5
• 11.21.6
• 11.21.7
• 11.21.8
• 11.21.9
• 11.21.10
• 11.21.11
• 11.21.12
• 11.21.13
• 11.21.14
• 11.21.15
• 11.21.16
• 11.21.17
• 11.21.18
• 11.21.19
• 11.21.20
• 11.21.21
• 11.21.22
• 11.21.23
• 11.21.24
• 11.21.25
• 11.21.26
• 11.21.27
• 11.21.28
• 11.21.29
• 11.21.30
• 11.21.31
• 12.16.0
• 12.16.1
• 12.16.2
• 12.16.3
• 12.16.4
• 12.16.5
• 12.16.6
• 12.16.7
• 12.16.8
• 12.16.9
• 12.16.10
• 12.16.11
• 12.16.12
• 12.16.13
• 12.16.14
• 12.16.15
• 12.16.16
• 12.16.17
• 12.16.18
• 12.16.19
• 13.12.0
• 13.12.1
• 13.12.2
• 13.12.3
• 13.12.4
• 13.12.5
• 13.12.6
• 13.12.7
• 13.12.8
• 13.12.9
• 13.12.10
• 13.12.11
• 13.12.12
• 13.12.13
• 13.12.14
• 13.12.15
• 14.0
• 14.1
• 14.2
• 14.3
• 14.4
• 14.5
• 14.6
• 14.7
• 14.8
• 15.0
• 15.1
• 15.2
• 15.3

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion