CVE-2024-4545

CVSS V2 None CVSS V3 None

Description

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.

Overview

CVE ID
CVE-2024-4545

Assigner
EDB

Vulnerability Status
PUBLISHED

Published Version
2024-05-09T18:12:18.399Z

Last Modified Date
2024-06-04T17:55:25.980Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/
https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/
https://www.enterprisedb.com/docs/security/advisories/cve20244545/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-4545
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4545

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 22:28:22				Added to TrackCVE