CVE-2023-31131

Severity: 7.4 HIGH (CVSS base score)

📋 TL;DR

Greenplum Database versions before 6.22.3 have a path traversal vulnerability in the tar extraction used to unpack GPPKG packages: archive member names are not checked for `../` components or absolute paths before files are written. A crafted or tampered GPPKG can therefore create or overwrite any file writable by the account that performs the package installation (typically the Greenplum administrative user), including Greenplum's own binaries and configuration and, if installation is run as root, critical system files. All Greenplum Database users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Greenplum Database
Versions: All versions prior to 6.22.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the GPPKG tar extraction code path, so any host on which a vulnerable version installs or updates packages is affected, regardless of how the database itself is configured.

📦 What is this software?

Greenplum Database is an open-source, massively parallel data warehouse built on PostgreSQL, deployed as a coordinator (master) plus segment hosts. GPPKG is its packaging format and the command-line utility used to install add-ons such as extensions, language runtimes and connectors across a cluster; a package is a tar archive that the utility unpacks during installation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution as the account that installs the package, by overwriting files that account owns (Greenplum binaries, configuration, shell or service startup files). If packages are installed as root, overwriting critical system files gives complete host compromise, with system crash or data loss as side effects.

🟠

Likely Case

Data corruption, service disruption, or unauthorized file modifications leading to operational impact.

🟢

If Mitigated

Limited impact if packages are installed and the database runs under an unprivileged account whose write access is confined to the Greenplum installation; the traversal then cannot reach system files, although files owned by that account (including Greenplum's own binaries and configuration) remain reachable.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires that an attacker-supplied or tampered GPPKG be installed on a cluster host, for example by poisoning the source from which administrators obtain packages or by modifying a package in transit or at rest; crafting the archive itself is trivial. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.22.3 or higher (the upgrade instructions on this page target 6.23.2, a later 6.x release that also contains the fix)

Vendor Advisory: https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3

Restart Required: Yes

Instructions:

1. Back up all databases and configurations.
2. Download Greenplum Database version 6.23.2 or higher.
3. Stop all Greenplum services.
4. Install the updated version following the official documentation.
5. Restart Greenplum services and verify functionality.

🔧 Temporary Workarounds

No known workarounds (applies to all affected versions and platforms): the vendor states there are no known workarounds for this vulnerability, so upgrading is the only complete fix.

🧯 If You Can't Patch

  • Install only GPPKG files obtained from the vendor over a trusted channel, verify any published checksums or signatures, and inspect the archive's member names for `../` components or absolute paths before running the installer
  • Perform package installation, and run Greenplum Database, under a dedicated unprivileged account (never root) whose write access is limited to the Greenplum installation and data directories, with strict access controls on who can run package installs
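The bug described in the TL;DR and the pre-install archive check suggested above, as one added Python example written for this page (it is not Greenplum's gppkg code). It assumes a .gppkg is a plain tar archive, as the page states; the archive, its member names and the directory layout are constructed for the demo. `extract_unchecked` is the vulnerable pattern (every member is written wherever its name points), `unsafe_members` is the audit you would run on a package before installing it, and `extract_checked` refuses the whole archive before writing anything.

```python
"""Added example, not Greenplum's gppkg code: tar path traversal on extraction.
Assumes a .gppkg is a plain tar archive; the archive below is constructed inline."""
import io
import os
import tarfile
import tempfile


def build_traversal_tar() -> bytes:
    # Constructed sample package: one benign member plus one whose name
    # climbs out of the extraction directory with "../".
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in (("pkg/gppkg_spec.yml", b"name: demo\n"),
                           ("../../escaped.txt", b"written outside dest\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_unchecked(tar_bytes: bytes, dest: str) -> None:
    """Vulnerable pattern: every member is written wherever its name points."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        try:
            tf.extractall(dest, filter="fully_trusted")  # Python >= 3.12: disable the default checks
        except TypeError:                                 # older interpreters: no filter argument at all
            tf.extractall(dest)


def unsafe_members(tar_bytes: bytes, dest: str) -> list:
    """Audit: names of members that would land outside dest.

    Catches "../" segments, absolute names, and symlink/hardlink targets that
    resolve outside the extraction root."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                bad.append(m.name)
                continue
            if m.issym():    # symlink target is relative to the member's own directory
                link = os.path.realpath(os.path.join(os.path.dirname(target), m.linkname))
            elif m.islnk():  # hardlink target is relative to the archive root
                link = os.path.realpath(os.path.join(root, m.linkname))
            else:
                continue
            if os.path.commonpath([root, link]) != root:
                bad.append(m.name)
    return bad


def extract_checked(tar_bytes: bytes, dest: str) -> None:
    """Hardened pattern: validate all members first, then extract; never partially."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError("refusing archive, members escape %r: %s" % (dest, bad))
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        try:
            tf.extractall(dest, filter="data")  # second line of defence on Python >= 3.12
        except TypeError:
            tf.extractall(dest)


def demo() -> dict:
    """Run both extractors on the sample archive inside a throwaway directory tree."""
    tar_bytes = build_traversal_tar()
    out = {}
    with tempfile.TemporaryDirectory() as base:
        # dest sits two levels below base, so "../../" escapes dest but stays inside base
        dest = os.path.join(base, "install", "pkg-root")
        os.makedirs(dest)
        extract_unchecked(tar_bytes, dest)
        out["unchecked_escaped"] = os.path.isfile(os.path.join(base, "escaped.txt"))
    with tempfile.TemporaryDirectory() as base:
        dest = os.path.join(base, "install", "pkg-root")
        os.makedirs(dest)
        out["audit"] = unsafe_members(tar_bytes, dest)
        try:
            extract_checked(tar_bytes, dest)
            out["checked_refused"] = False
        except ValueError:
            out["checked_refused"] = True
        out["checked_wrote"] = (os.path.exists(os.path.join(dest, "pkg"))
                                or os.path.isfile(os.path.join(base, "escaped.txt")))
    return out


if __name__ == "__main__":
    print(demo())
```

For a real package, call `unsafe_members(open("pkg.gppkg", "rb").read(), "/intended/install/dir")` before running the installer and refuse the package if the list is non-empty. On Python 3.12 and later the standard library's `filter="data"` already rejects such members; the explicit audit is what interpreters without the filter argument need, and validating the whole archive before the first write avoids leaving a half-unpacked package behind.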

🔍 How to Verify

Check if Vulnerable:

Check Greenplum version: If version is below 6.22.3, system is vulnerable

Check Version:

gpstart --version

Verify Fix Applied:

Verify the reported Greenplum version is 6.22.3 or higher after the upgrade (6.23.2 or higher if you followed the upgrade instructions above); anything below 6.22.3 is still in the affected range.
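The version rule above as a small script, added here as an example rather than a Greenplum utility: it pulls the Greenplum X.Y.Z token out of `gpstart --version` or `SELECT version()` output and compares it numerically with 6.22.3, the boundary the affected-version statement gives. The sample output strings are constructed, and the exact wording of `gpstart --version` is an assumption; only the version token matters.

```sh
#!/bin/sh
# Added example, not a Greenplum utility. Classifies a version string against the
# affected range on this page (everything below 6.22.3 is vulnerable).
# Sample outputs used with it are constructed; "gpstart --version" wording is assumed.

# Print the Greenplum X.Y.Z version found in $1. Prefer the token after
# "Greenplum Database", because SELECT version() reports the PostgreSQL base
# version (e.g. 9.4.26) before the Greenplum one; otherwise take the first X.Y.Z.
gp_extract_version() {
    v=$(printf '%s\n' "$1" | grep -oE 'Greenplum Database [0-9]+\.[0-9]+\.[0-9]+' | head -n 1 | awk '{print $3}')
    [ -n "$v" ] || v=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    printf '%s\n' "$v"
}

# Numeric comparison of two X.Y.Z strings: returns 0 when $1 < $2, 1 otherwise.
# (A plain string compare would rank 6.9.0 above 6.10.0.)
version_lt() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    : "${a1:=0}" "${a2:=0}" "${a3:=0}" "${b1:=0}" "${b2:=0}" "${b3:=0}"
    if [ "$a1" -lt "$b1" ]; then return 0; elif [ "$a1" -gt "$b1" ]; then return 1; fi
    if [ "$a2" -lt "$b2" ]; then return 0; elif [ "$a2" -gt "$b2" ]; then return 1; fi
    if [ "$a3" -lt "$b3" ]; then return 0; else return 1; fi
}

# Print "vulnerable X.Y.Z", "patched X.Y.Z", or "unknown" when no version is found.
gp_classify() {
    v=$(gp_extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" 6.22.3; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Live check on a Greenplum host; skipped where gpstart is not on PATH.
if command -v gpstart >/dev/null 2>&1; then
    gp_classify "$(gpstart --version 2>&1)"
fi
```

On a cluster host the live check at the bottom does the work; from a client, feed it the database's own report instead, e.g. `gp_classify "$(psql -Atc 'SELECT version();')"`. Treat "unknown" as a failed check, not a pass.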

📡 Detection & Monitoring

Log Indicators:

  • GPPKG install or update runs from unexpected accounts, hosts or times, or for packages not in your change records
  • Files created or modified outside the Greenplum installation and extension directories immediately after a GPPKG run
  • File write or permission denied errors in unexpected locations (a failed traversal attempt against a location the installing account cannot write)

Network Indicators:

  • Unexpected GPPKG file transfers to Greenplum systems

SIEM Query:

source="greenplum.log" AND ("GPPKG" OR "tar extraction") AND ("error" OR "permission denied")

🔗 References

  • CVE-2023-31131
  • Vendor advisory: https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3