Description
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role.
How could an attacker exploit this vulnerability?
An attacker with the administrator role of "azure_pg_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker to have administrator privileges on the target system.
Updates
| Product | Article | Update |
|---|---|---|
| Azure Database for PostgreSQL Flexible Server 16 | | |
| Azure Database for PostgreSQL Flexible Server 15 | | |
| Azure Database for PostgreSQL Flexible Server 14 | | |
| Azure Database for PostgreSQL Flexible Server 13 | | |
| Azure Database for PostgreSQL Flexible Server 12 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 7.2 High
Related vulnerabilities
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
A vulnerability in the Azure Database for PostgreSQL Flexible Server database management system, caused by a failure to sanitize data at the control plane level, that allows an attacker to execute arbitrary code and escalate their privileges