Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-41118

Опубликовано: 12 дек. 2023
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
Версия до 11.21.32 (исключая)
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
Версия от 12.0.0 (включая) до 12.16.20 (исключая)
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
Версия от 13.0.0 (включая) до 13.12.17 (исключая)
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
Версия от 14.0.0 (включая) до 14.9.0 (исключая)
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
Версия от 15.0.0 (включая) до 15.4.0 (исключая)

EPSS

Процентиль: 20%
0.00065
Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-75qc-j87q-6gh5

CVSS3: 8.8
github
около 2 лет назад

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.

EPSS

Процентиль: 20%
0.00065
Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo