Password Logging Vulnerability in EDB Postgres Advanced Server by EnterpriseDB
CVE-2023-31043

7.5HIGH

Key Information:

Vendor: Enterprisedb
Status: Postgres Advanced Server
Vendor: CVE Published:; 23 April 2023

🔔 Create Enterprisedb Vulnerability Alert

What is CVE-2023-31043?

EDB Postgres Advanced Server suffers from a vulnerability where unredacted passwords can be logged during the execution of optional parameters associated with the CREATE, ALTER USER, GROUP, and ROLE commands. This occurs even when password redaction is configured through the edb_filter_log.redact_password_commands setting. Users of affected versions risk exposing sensitive password information, as the system fails to appropriately redact this data, thereby potentially compromising the security of the database environment.

References

https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/...

https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/...

https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2023
Vulnerability Reserved
Apr 23, 2023

JSON