Merge pull request #4837 from EnterpriseDB/release/2023-09-21
Release: 2023-09-21
ccestes authored Sep 21, 2023
2 parents 0ec91b1 + aaa60ff commit a97ff5e
Showing 37 changed files with 987 additions and 190 deletions.
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve.mdx.template
@@ -1,6 +1,7 @@
---
title: CVE Title
navTitle: CVE ID as CVE-Year-Number
affectedProducts: one liner covering which products affected
---

First Published: YYYY/MM/DD (ISO8601)
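Review bot: The `affectedProducts` placeholder added to the front matter ("one liner covering which products affected") gives authors no convention for product naming or version ranges, so values filled in from this template can range from a bare product name to a full per-branch version list. Suggest stating the expected form in the placeholder itself, for example the full product name followed by the affected version range for each branch.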
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve20074639.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2007-4639 - EDB Advanced Server 8.2 improperly handles debugging function calls
navTitle: CVE-2007-4639
affectedProducts: EDB Advanced Server 8.2
---

First Published: 2007/08/31
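Review bot: The product name in the added `affectedProducts: EDB Advanced Server 8.2` line follows the title, but the advisory body in this file calls the product "EDB Postgres Advanced Server 8.2 (EPAS)". Pick one name and use it in the title, the field and the body so the three agree.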
Expand All @@ -13,10 +14,14 @@ EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debuggi

## Vulnerability details

CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639)
CVSS Base Score: Undefined
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639)

CVSS Base Score: Undefined

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: Undefined

## Affected products and versions
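Review bot: The blank-line separation of the CVE-ID and CVSS fields under "Vulnerability details" is fixed here per advisory, while cve.mdx.template receives only a single added front-matter line in this commit, so its body is unchanged. If the template still has these fields on consecutive lines, advisories created from it will bring back the run-together paragraph; update the template to match. A Markdown list would also keep the five fields grouped without depending on blank lines.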
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve201910128.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2019-10128 - EDB supplied PostgreSQL inherits ACL for installation directory
navTitle: CVE-2019-10128
affectedProducts: PostgreSQL
---

First Published: 2021/03/19
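Review bot: `affectedProducts: PostgreSQL` in the front matter carries no version or packaging scope, although the title limits the issue to EDB supplied PostgreSQL and the summary limits it to 11.x prior to 11.3. Suggest putting the same scope in the field, e.g. "EDB supplied PostgreSQL 11.x prior to 11.3", so the one-liner does not read as all of PostgreSQL.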
Expand All @@ -13,10 +14,14 @@ A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows

## Vulnerability details

CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128)
CVSS Base Score: 7.8
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128)

CVSS Base Score: 7.8

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

## Affected products and versions
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve202331043.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-31043 - EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0
navTitle: CVE-2023-31043
affectedProducts: EDB Postgres Advanced Server 10.23.32 to 14.5.0
---

First Published: 2023/04/23
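Review bot: The lower bound in `affectedProducts: EDB Postgres Advanced Server 10.23.32 to 14.5.0` appears nowhere else in the visible text: the title says "prior to 14.6.0" and the summary says "versions before 14.6.0". Confirm whether releases older than 10.23.32 are unaffected, then make the title, summary and field state the same range. A single "10.23.32 to 14.5.0" span across several major versions is also hard to read; listing the range per major version would be clearer.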
Expand All @@ -13,10 +14,14 @@ EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwo

## Vulnerability details

CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043)
CVSS Base Score: 7.5
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043)

CVSS Base Score: 7.5

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

## Affected products and versions
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341113.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41113 - EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()
navTitle: CVE-2023-41113
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
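Review bot: The version list in the added `affectedProducts` line ("prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0") does not say which branch each bound belongs to, and "All versions ... prior to 11.21.32" can be read as covering releases older than 11. Suggest per-branch wording such as "11.x before 11.21.32, 12.x before 12.16.20, ..." and stating explicitly whether earlier major versions are affected.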
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341114.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41114 - EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL
navTitle: CVE-2023-41114
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341115.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41115 - EDB Postgres Advanced Server (EPAS) permission bypass for large objects
navTitle: CVE-2023-41115
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
6 changes: 2 additions & 4 deletions advocacy_docs/security/advisories/cve202341116.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41116 - EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
navTitle: CVE-2023-41116
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
Expand All @@ -9,10 +10,7 @@ Last Updated: 2023/08/30

## Summary

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before
11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and
15.x before 15.4.0. It allows an authenticated user to refresh any materialized
view, regardless of that user's permissions.
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.

## Vulnerability details

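Review bot: The 13.x bound is inconsistent within this file: the reflowed summary still says "13.x before 13.12.16", while the `affectedProducts` line added to the front matter says 13.12.17. Confirm the fixed 13.x release and correct whichever value is wrong.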
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341117.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41117 - EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path
navTitle: CVE-2023-41117
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341118.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41118 - EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass
navTitle: CVE-2023-41118
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341119.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41119 - EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser
navTitle: CVE-2023-41119
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341120.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41120 - EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission
navTitle: CVE-2023-41120
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21

2 comments on commit a97ff5e

@github-actions

@github-actions

🎉 Published on https://edb-docs.netlify.app as production
🚀 Deployed on https://650c621640025645462aa4ba--edb-docs.netlify.app
