Password Logging Vulnerability in EDB Postgres Advanced Server by EnterpriseDB
CVE-2023-31043

7.5HIGH

Key Information:

Vendor: Enterprisedb
Status: Postgres Advanced Server
Vendor: CVE Published:; 23 April 2023

🔔 Create Enterprisedb Vulnerability Alert

What is CVE-2023-31043?

EDB Postgres Advanced Server suffers from a vulnerability where unredacted passwords can be logged during the execution of optional parameters associated with the CREATE, ALTER USER, GROUP, and ROLE commands. This occurs even when password redaction is configured through the edb_filter_log.redact_password_commands setting. Users of affected versions risk exposing sensitive password information, as the system fails to appropriately redact this data, thereby potentially compromising the security of the database environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/...

https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/...

https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2023
Vulnerability Reserved
Apr 23, 2023

JSON

Enterprisedb

What is CVE-2023-31043?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.