8.8
CVE-2023-41119
- EPSS 0.08%
- Published 12.12.2023 07:15:45
- Last modified 21.11.2024 08:20:37
- Source cve@mitre.org
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
Data provided by the National Vulnerability Database (NVD)
Enterprisedb ≫ Postgres Advanced Server Version < 11.21.32
Enterprisedb ≫ Postgres Advanced Server Version >= 12.0.0 < 12.16.20
Enterprisedb ≫ Postgres Advanced Server Version >= 13.0.0 < 13.12.17
Enterprisedb ≫ Postgres Advanced Server Version >= 14.0.0 < 14.9.0
Enterprisedb ≫ Postgres Advanced Server Version >= 15.0.0 < 15.4.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.241 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| cve@mitre.org | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.