Platform
postgresql
Component
edb-postgres-advanced-server
Fixed in
15.7.0
16.3.0
CVE-2024-4545 affects EnterpriseDB Postgres Advanced Server (EPAS) and allows users leveraging the edbldr utility to bypass role permissions. This bypass enables low-privilege users to read files they would normally be restricted from accessing, potentially exposing sensitive data. Versions 15.0 through 16.3.0 are vulnerable, and a fix is available in version 16.3.0.
The primary impact of CVE-2024-4545 is unauthorized file access. An attacker with low privileges can exploit this vulnerability to read sensitive data stored on the server, potentially including configuration files, database credentials, or application code. This could lead to data breaches, privilege escalation, and further compromise of the system. While the vulnerability requires the use of edbldr, its potential for data exfiltration makes it a significant security concern. The ability to bypass role permissions is a clear deviation from expected security behavior, allowing attackers to circumvent established access controls.
CVE-2024-4545 was publicly disclosed on May 9, 2024. Currently, there are no reports of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the relatively straightforward nature of the bypass suggests that such exploits may emerge. The EPSS score is pending evaluation.
Organizations running EnterpriseDB Postgres Advanced Server in production environments, particularly those utilizing edbldr for database administration tasks, are at risk. Environments with less stringent access controls and those running older, unpatched versions of EPAS are especially vulnerable. Shared hosting environments using EPAS also face increased risk due to the potential for cross-tenant exploitation.
• postgresql: Use psql -c "SELECT version();" to verify the EPAS version. If it's below 16.3.0, the system is vulnerable.
• linux / server: Examine auditd logs for edbldr process executions with unusual user contexts, for example by searching audit records by command name:
ausearch -c edbldr
• generic web: Monitor access logs for requests to files that should be protected by role-based access controls, especially those accessed via edbldr.
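The version check above can be scripted so that the output of SELECT version() is compared against the fixed-in releases this advisory lists (15.7.0 for the 15 branch, 16.3.0 for the 16 branch). The script below is an added example, not EnterpriseDB tooling; the sample version strings are constructed, and the assumed output format of version() places the EPAS release in parentheses after "EnterpriseDB Advanced Server".

```shell
#!/usr/bin/env bash
# Added example: classify an EPAS "SELECT version();" string against the
# fixed-in versions given on this page. Not EnterpriseDB's own tooling.

# Extract "X.Y.Z" from the "(EnterpriseDB Advanced Server X.Y.Z)" part of the
# version() output (assumed format). Prints it, or returns 1 if not found.
epas_version() {
    local out="$1" v
    v=$(printf '%s' "$out" | sed -n 's/.*EnterpriseDB Advanced Server \([0-9][0-9.]*\).*/\1/p')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Dotted-version compare without relying on sort -V: returns 0 if $1 < $2.
version_lt() {
    local a="$1" b="$2" x y
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Returns 0 if the version is below the fixed release for its major branch,
# 1 if it is at or above it, 2 if the branch is outside the advisory (15, 16).
epas_vulnerable() {
    local v="$1" major fixed
    major=${v%%.*}
    case "$major" in
        15) fixed=15.7.0 ;;
        16) fixed=16.3.0 ;;
        *) return 2 ;;
    esac
    version_lt "$v" "$fixed"
}

# Constructed sample strings, not captured from a real server.
sample_old="PostgreSQL 16.1 (EnterpriseDB Advanced Server 16.1.0) on x86_64-pc-linux-gnu"
sample_fixed="PostgreSQL 16.3 (EnterpriseDB Advanced Server 16.3.0) on x86_64-pc-linux-gnu"

for s in "$sample_old" "$sample_fixed"; do
    v=$(epas_version "$s") || { echo "no EPAS version found in: $s"; continue; }
    if epas_vulnerable "$v"; then echo "$v: affected, upgrade"; else echo "$v: not affected"; fi
done
```

On a live system, feed the script the output of psql -At -c "SELECT version();" instead of the constructed samples.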
Disclosure
Exploit status
EPSS
0.08% (23rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-4545 is upgrading to EnterpriseDB Postgres Advanced Server version 16.3.0 or later. If immediate upgrading is not feasible, implement stricter access controls for the edbldr utility. This includes limiting the users who can execute edbldr and restricting the files and directories it can access. Consider implementing a Web Application Firewall (WAF) or proxy to inspect and filter traffic related to edbldr calls, blocking suspicious requests. Regularly review and audit edbldr usage to identify and address any anomalous activity.
Upgrade EDB Postgres Advanced Server to version 15.7.0 or later, or to version 16.3.0 or later. This corrects the file-read permission bypass vulnerability. Consult the EnterpriseDB release notes for further details on the upgrade.
CVE-2024-4545 is a HIGH severity vulnerability in EDB Postgres Advanced Server allowing low-privilege users to bypass role permissions and read restricted files using the edbldr utility.
You are affected if you are running EDB Postgres Advanced Server versions 15.0 through 16.3.0. Upgrade to 16.3.0 or later to mitigate the risk.
Upgrade to EnterpriseDB Postgres Advanced Server version 16.3.0 or later. If immediate upgrade is not possible, restrict access to edbldr and review user permissions.
As of May 9, 2024, there is no indication of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official EnterpriseDB security advisory for detailed information and updates: [https://www.enterprisedb.com/security/advisories/edb-sa-2024-0007](https://www.enterprisedb.com/security/advisories/edb-sa-2024-0007)