admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-411xx/CVE-2023-41116.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

136 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-41116",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T07:15:44.267",
"lastModified": "2024-11-21T08:20:37.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en EnterpriseDB Postgres Advanced Server (EPAS) antes de 11.21.32, 12.x antes de 12.16.20, 13.x antes de 13.12.16, 14.x antes de 14.9.0 y 15.x antes de 15.4.0. Permite a un usuario autenticado actualizar cualquier vista materializada, independientemente de los permisos de ese usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.21.32",
"matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.16.20",
"matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.12.17",
"matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.9.0",
"matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.4.0",
"matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341116/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341116/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink