CVE-2023-41115
Published 2023-12-12
Priority: P3 (38), medium, 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.59% (43.7th percentile)
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enterprisedb | postgres_advanced_server | < 11.21.32 | 11.21.32 |
| enterprisedb | postgres_advanced_server | >= 12.0.0 < 12.16.20 | 12.16.20 |
| enterprisedb | postgres_advanced_server | >= 13.0.0 < 13.12.17 | 13.12.17 |
| enterprisedb | postgres_advanced_server | >= 14.0.0 < 14.9.0 | 14.9.0 |
| enterprisedb | postgres_advanced_server | >= 15.0.0 < 15.4.0 | 15.4.0 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.