WARNING: CRITICAL 9.8 VULNERABILITY IN ENTERPRISEDB (EDB) POSTGRES ADVANCED SERVER (EPAS). PATCH IMMEDIATELY!

Reference:
Advisory #2023-156

Version:
1.0

Affected software:
EnterpriseDB Postgres Advanced Server (EPAS) 11.21.32
EnterpriseDB Postgres Advanced Server (EPAS) 12.16.20
EnterpriseDB Postgres Advanced Server (EPAS) 13.12.17
EnterpriseDB Postgres Advanced Server (EPAS) 14.9.0
EnterpriseDB Postgres Advanced Server (EPAS) 15.4.0

Type:
SEARCH_PATH attack

CVE/CVSS:
CVE-2023-41117 - CVSS: 9.8 (CRITICAL)
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

• https://www.postgresql.org/docs/current/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY
• https://www.enterprisedb.com/docs/security/advisories/cve202341117/

Risks

EnterpriseDB Postgres Advanced Server is a PostgreSQL relational database management server (RDBMS).  CVE-2023-41117 vulnerable versions contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against SEARCH_PATH attacks.

Description

A successful PostgreSQL SEARCH_PATH attack lets a malicious user create objects (e.g., tables, functions, and operators) which can severely impact the integrity of the database.

No exploits are publicly available at the time of writing.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to upgrade to version 11.21.32, 12.16.20, 13.12.16, 14.9.0 or 15.4.0 to eliminate the vulnerability.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-41117
• https://vuldb.com/?id.247464
• https://www.cybertec-postgresql.com/en/abusing-security-definer-functions/