Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43613

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Azure Database For Postgresql Flexible Server
Vendor: CVE Published:; 12 November 2024

Summary

An elevation of privilege vulnerability exists in Azure Database for PostgreSQL Flexible Server. This vulnerability potentially allows an attacker to gain unauthorized access to system resources by exploiting insufficient permissions within the server extension. An attacker could execute unintended commands, leading to unauthorized actions that compromise the security and integrity of the database. It is essential for users of the affected product to apply the latest updates and follow best security practices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Azure Database for PostgreSQL Flexible Server Unknown 16.4.0 < 16.4

Azure Database for PostgreSQL Flexible Server Unknown 15.8

Azure Database for PostgreSQL Flexible Server Unknown 14.13

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed