CVE-2024-4545
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| EnterpriseDB | EDB Postgres Advanced Server | 15.0 < 15.7.0 | affected |
| EnterpriseDB | EDB Postgres Advanced Server | 16.0 < 16.3.0 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/
- https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/
- https://www.enterprisedb.com/docs/security/advisories/cve20244545/
References
- https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/
- https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/
- https://www.enterprisedb.com/docs/security/advisories/cve20244545/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.