BDU:2023-04768

BDU

Low

Уязвимость системы управления базами данных PostgreSQL связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволит…

CVSS

3.1

Low

EPSS

0.00

Published

2023-01-01

Updated

2023-01-01

Description

Уязвимость системы управления базами данных PostgreSQL связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю читать и обновлять защищенные данные

Affected products

Postgres professional Postgres pro certifiedPostgres professional Postgres pro certifiedPostgres professional Postgres pro certifiedPostgres professional Postgres pro certifiedPostgres professional Postgres pro certifiedPostgresql global development group PostgresqlPostgresql global development group PostgresqlPostgresql global development group PostgresqlPostgresql global development group PostgresqlPostgresql global development group Postgresql

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: L

Low (L)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
postgres pro certified	postgres professional	Tracked
postgres pro certified	postgres professional	Tracked
postgres pro certified	postgres professional	Tracked
postgres pro certified	postgres professional	Tracked
postgres pro certified	postgres professional	Tracked
postgresql	postgresql global development group	Tracked
postgresql	postgresql global development group	Tracked
postgresql	postgresql global development group	Tracked
postgresql	postgresql global development group	Tracked
postgresql	postgresql global development group	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2023-39418

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39418@https://access.redhat.com/security/cve/CVE-2023-39418@https://bugzilla.redhat.com/show_bug.cgi?id=2228112@https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229@https://www.postgresql.org/support/security/CVE-2023-39418/@https://www.cybersecurity-help.cz/vdb/SB2023081132@https://postgrespro.ru/products/postgrespro/certified@https://altsp.su/obnovleniya-bezopasnosti/@http://repo.red-soft.ru/redos/7.3c/x86_64/updates/@https://abf.rosa.ru/advisories/ROSA-SA-2024-2486@https://abf.rosa.ru/advisories/ROSA-SA-2024-2486