
{
"id": "CVE-2023-41117",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T07:15:44.727",
"lastModified": "2024-11-21T08:20:37.593",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en EnterpriseDB Postgres Advanced Server (EPAS) antes de 11.21.32, 12.x antes de 12.16.20, 13.x antes de 13.12.16, 14.x antes de 14.9.0 y 15.x antes de 15.4.0. Contiene paquetes, paquetes independientes y funciones que ejecutan SECURITY DEFINER pero no est\u00e1n protegidos adecuadamente contra ataques search_path."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.21.32",
"matchCriteriaId": "6892B548-6E0D-47B5-9AD7-3EA937C243FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.16.20",
"matchCriteriaId": "15246CD4-D4F0-4FE7-AE1A-BDD2FCC67B5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.12.17",
"matchCriteriaId": "C3FA205A-6BF7-492C-A0F3-5AD01E35CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.0",
"versionEndExcluding": "14.9.0",
"matchCriteriaId": "12EC69DE-AFB1-476F-88BB-C7C0C348C19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0.0",
"versionEndExcluding": "15.4.0",
"matchCriteriaId": "D3B7765D-34FD-479B-9C4E-9CAC34CC1AD2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341117/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.enterprisedb.com/docs/security/advisories/cve202341117/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}