Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr
Vulnerability Description
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
EnterpriseDB Postgres Advanced Server 安全漏洞
Vulnerability Description
EnterpriseDB Postgres Advanced Server(EPAS)是美国EnterpriseDB公司的一个应用程序。用于扩展 Postgres 数据库的功能。 EnterpriseDB Postgres Advanced Server存在安全漏洞,该漏洞源于允许读取他们原本无法访问的文件。以下版本受到影响:15.0版本至15.7.0之前版本、16.0版本至16.3.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A