Skip to content

Commit

Permalink
Fixed indexes
Browse files Browse the repository at this point in the history 
Signed-off-by: Dj Walker-Morgan <[email protected]>
  • Loading branch information
@djw-m
djw-m committed Aug 21, 2023
1 parent 78ffe4a commit e4cc73b
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 32 deletions.
32 changes: 16 additions & 16 deletions advocacy_docs/security/advisories/index.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ Advisories with numbers in the format `CVE-YYYY-XXXXX-n` are submitted and pendi
&nbsp;&nbsp;<a href="cve2023xxxxx1">Read Advisory</a>
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 contain packages, standalone packages and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 contain packages, standalone packages and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
<br/>
<a href="cve2023xxxxx1">Read More...</a>
</details>
Expand All @@ -48,11 +48,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32,
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser
</h4>
<h5>All EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0 </h5>
<h5>All EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 </h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 contain the function _dbms_aq_move_to_exception_queue which may be used to elevate a user’s privileges to superuser. This function accepts the OID of a table, then accesses that table as the superuser using SELECT and DML commands.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 contain the function _dbms_aq_move_to_exception_queue which may be used to elevate a user’s privileges to superuser. This function accepts the OID of a table, then accesses that table as the superuser using SELECT and DML commands.
<br/>
<a href="cve2023xxxxx2">Read More...</a>
</details>
Expand All @@ -67,11 +67,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32,
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 allow an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents regardless of permissions. This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. <br/>
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 allow an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents regardless of permissions. This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. <br/>
<a href="cve2023xxxxx3">Read More...</a>
</details>
</td></tr>
Expand All @@ -86,10 +86,10 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32,
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5></summary>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5></summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.
<br/>
<a href="cve2023xxxxx4">Read More...</a>
</details></td></tr>
Expand All @@ -101,11 +101,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32,
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 using DBMS_MVIEW allows an authenticated user to refresh any materialized view, regardless of that user’s permissions.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 using DBMS_MVIEW allows an authenticated user to refresh any materialized view, regardless of that user’s permissions.
<br/>
<a href="cve2023xxxxx5">Read More...</a>
</details></td></tr>
Expand All @@ -117,11 +117,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21.32, 12.
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21,32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 contain the functions `get_url_as_text` and `get_url_as_bytea`. These functions are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21,32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 contain the functions `get_url_as_text` and `get_url_as_bytea`. These functions are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.
<br/>
<a href="cve2023xxxxx6">Read More...</a>
</details></td></tr>
Expand All @@ -133,11 +133,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) up to 11.21,32, 12.
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0, using UTL_ENCODE allows an authenticated user to read any large object, regardless of that users permissions.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0, using UTL_ENCODE allows an authenticated user to read any large object, regardless of that users permissions.
<br/>
<a href="cve2023xxxxx7">Read More...</a>
</details></td></tr>
Expand All @@ -149,11 +149,11 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32,
&nbsp;&nbsp;Updated: </span><span>2023/08/21</span>
<h4>EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission
</h4>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0, 15.4.0</h5>
<h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.16, 14.9.0 and 15.4.0 permit an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user’s permissions.
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0 and 15.4.0 permit an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user’s permissions.
<br/>
<a href="cve2023xxxxx8">Read More...</a>
</details></td></tr>
Expand Down
Loading

0 comments on commit e4cc73b

Please sign in to comment.