Bypass Role Permissions Vulnerability in EPAS
CVE-2024-4545

7.7 HIGH

Key Information:

Vendor: EnterpriseDB
CVE Published: 14 May 2024

What is CVE-2024-4545?

A vulnerability exists in EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 15.7.0 and 16.3.0 in which users of the edbldr tool can bypass the role permissions associated with pg_read_server_files. Low-privilege users may thereby read server-side files they are not normally permitted to access, creating a risk of unauthorized data exposure. Organizations running affected versions should apply the available patches and updates to mitigate this issue.
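The advisory turns on which roles hold pg_read_server_files, since that is the permission the edbldr path bypasses. The following audit query is an added example, not part of the advisory or EDB's own tooling; it assumes psql access to the affected EPAS instance and uses only standard PostgreSQL catalog functions. It reports the server version string (to compare against the fixed 15.7.0 / 16.3.0 releases) and every non-system role that holds pg_read_server_files, directly or through inheritance, so an administrator can see who legitimately has server-file read access before and after patching.

```sql
-- Added audit example (not from the advisory). Assumes a psql session on the
-- EPAS instance with enough privilege to read pg_roles (any login role can).

-- 1. Version string: compare against the fixed releases named in the advisory
--    (15.7.0 for the 15.x line, 16.3.0 for the 16.x line).
SELECT version();

-- 2. Roles that hold pg_read_server_files, directly or via role inheritance.
--    pg_has_role(..., 'MEMBER') also returns true for superusers, which is
--    intended: they can read server files regardless of this role.
--    System roles (pg_*) are filtered out to keep the list to real accounts.
SELECT r.rolname,
       r.rolsuper,
       r.rolcanlogin
FROM pg_roles AS r
WHERE pg_has_role(r.oid, 'pg_read_server_files', 'MEMBER')
  AND r.rolname NOT LIKE 'pg\_%'
ORDER BY r.rolname;
```

Any login role that appears in the second result without a documented need for server-side file access is a candidate for revocation (`REVOKE pg_read_server_files FROM <role>`); after upgrading to a fixed release, the query remains useful as a periodic check that the set of file-reading roles has not drifted.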

Affected Version(s)

EDB Postgres Advanced Server 15.0 < 15.7.0

EDB Postgres Advanced Server 16.0 < 16.3.0

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published: 14 May 2024

  • Vulnerability reserved