exploitDog

CVE-2023-41119

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.

Ссылки

https://www.enterprisedb.com/docs/security/advisories/cve202341119/
Vendor Advisory
https://www.enterprisedb.com/docs/security/advisories/cve202341119/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

Версия до 11.21.32 (исключая)

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.16.20 (исключая)

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

Версия от 13.0.0 (включая) до 13.12.17 (исключая)

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

Версия от 14.0.0 (включая) до 14.9.0 (исключая)

cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*

Версия от 15.0.0 (включая) до 15.4.0 (исключая)

EPSS

Процентиль: 24%

0.0008

Низкий

8.8 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-jrqw-cwpm-3q7j

CVSS3: 8.8

github

около 2 лет назад

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.

EPSS

Процентиль: 24%

0.0008

Низкий

8.8 High

CVSS3

Дефекты

CWE-269