CVE-2024-4545
📋 TL;DR
An authorization flaw in EnterpriseDB Postgres Advanced Server (EPAS) lets a low-privilege database user drive the EDB*Loader utility (edbldr) in a way that bypasses role permission checks and reads server files the role should not be able to access. It affects EPAS 15.0 through 15.6.x and 16.0 through 16.2.x and is fixed in 15.7.0 and 16.3.0. The practical effect is unauthorized file disclosure from the database host, which can feed credential theft and further compromise.
💻 Affected Systems
- EnterpriseDB Postgres Advanced Server (EPAS) 15.0 through 15.6.x
- EnterpriseDB Postgres Advanced Server (EPAS) 16.0 through 16.2.x
⚠️ Manual Verification Required
The affected ranges (15.0 through 15.6.x and 16.0 through 16.2.x) come from the vendor advisory. Automated scanners that key only on the community PostgreSQL version string can miss EPAS builds, so confirm exposure by hand:
- Review the CVE details at NVD
- Check the vendor security advisory for your specific version
- Confirm the installed EPAS version and patch level on each server (see "How to Verify" below)
- Inventory which database roles can connect and run edbldr against the server
- Update to 15.7.0 / 16.3.0 or later
⚠️ Risk & Real-World Impact
Worst Case
Low-privilege database users could read sensitive system files, configuration files, or other protected data, potentially leading to credential theft, data exfiltration, or further system compromise.
Likely Case
Malicious or compromised database users could access files containing database credentials, application secrets, or sensitive configuration data.
If Mitigated
With loader use confined to a small set of trusted roles and connection and statement logging in place, exposure is limited to those roles, and any file access by them is visible in the audit trail.
🎯 Exploit Status
Exploitation requires an authenticated database role that can run EDB*Loader (edbldr) against the affected server; the flaw is in the permission checks applied to edbldr operations, so unauthenticated attackers are not in scope. No exploitation details or public proof of concept are given in the vendor advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.7.0 and 16.3.0
Vendor Advisory: https://www.enterprisedb.com/docs/security/advisories/cve20244545/
Restart Required: Yes
Instructions:
1. Download EPAS 15.7.0 or 16.3.0 (or later) from EnterpriseDB.
2. Stop the database service.
3. Apply the update following EnterpriseDB's upgrade procedures for your platform.
4. Restart the database service.
5. Verify the running version with `SELECT version();`.
🔧 Temporary Workarounds
Restrict edbldr access
edbldr is a client-side utility, not a SQL function or schema, so there is no single object to REVOKE it on. Reduce the population of roles that can drive it instead: confine loader jobs to one dedicated role, and revoke the server-side file-read privilege from every other role that does not need it.
REVOKE pg_read_server_files FROM <username>;
This narrows exposure but does not close the bypass itself; only the patch does.
Implement file system permissions
Use operating system file permissions to keep sensitive files away from the database server's OS account. The server reads files as its own OS user (typically enterprisedb or postgres), so anything that user can read remains reachable; this only protects files the database host does not need.
chmod 600 /path/to/sensitive/file
chown root:root /path/to/sensitive/file
🧯 If You Can't Patch
- Implement strict principle of least privilege for database users, granting only necessary permissions.
- Enable EPAS audit logging (edb_audit) or PostgreSQL connection and statement logging, and review edbldr sessions and server-side file reads from non-administrative roles.
🔍 How to Verify
Check if Vulnerable:
Run the following on each server:
SELECT version();
If the output identifies an EnterpriseDB Advanced Server build between 15.0 and 15.6.x or between 16.0 and 16.2.x, the system is vulnerable. Community PostgreSQL builds do not ship edbldr and are not affected by this CVE.
Verify Fix Applied:
After patching, the reported version must be 15.7.0 or higher for EPAS 15, or 16.3.0 or higher for EPAS 16.
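The version test above is easy to get wrong when scripted, because EPAS reports both the community PostgreSQL version and its own version in the same string, and only the EPAS number matters for this CVE. The following is an added example (not code from the page or from EnterpriseDB) that classifies a `SELECT version()` string against the advisory's ranges. It assumes the EPAS build identifies itself with the phrase "EnterpriseDB Advanced Server" followed by a dotted version, and it treats anything without that phrase as a community build; both the phrase and the sample strings are assumptions, so check them against your own server's output.

```python
import re
import sys

# Affected ranges from the advisory: 15.0 through 15.6.x and 16.0 through 16.2.x.
# Map of major version -> (first affected minor, last affected minor).
AFFECTED = {15: (0, 6), 16: (0, 2)}
FIXED_IN = {15: "15.7.0", 16: "16.3.0"}

# Assumption: EPAS embeds its own version in version() output in this form.
_EPAS_RE = re.compile(r"EnterpriseDB Advanced Server (\d+)\.(\d+)(?:\.(\d+))?")


def parse_epas_version(version_string):
    """Return (major, minor, patch) for an EPAS build, or None for a
    community PostgreSQL build (which has no edbldr and is out of scope)."""
    m = _EPAS_RE.search(version_string)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_string):
    """Classify a version() string as one of:
    'vulnerable', 'fixed', 'not-listed' (an EPAS major the advisory does
    not name) or 'not-epas' (community PostgreSQL)."""
    parsed = parse_epas_version(version_string)
    if parsed is None:
        return "not-epas"
    major, minor, _patch = parsed
    if major not in AFFECTED:
        return "not-listed"
    first, last = AFFECTED[major]
    if first <= minor <= last:
        return "vulnerable"
    return "fixed"


def report(version_string):
    """Human-readable one-liner for operators; wraps assess()."""
    verdict = assess(version_string)
    parsed = parse_epas_version(version_string)
    if verdict == "vulnerable":
        major = parsed[0]
        return f"VULNERABLE: EPAS {'.'.join(map(str, parsed))}, upgrade to {FIXED_IN[major]} or later"
    if verdict == "fixed":
        return f"OK: EPAS {'.'.join(map(str, parsed))} is at or beyond the fixed release"
    if verdict == "not-listed":
        return f"NOT LISTED: EPAS major {parsed[0]} is not named in the advisory; check the vendor"
    return "NOT EPAS: community PostgreSQL build, edbldr not present"


# Constructed sample strings in the assumed format (not captured from real servers).
SAMPLES = [
    "PostgreSQL 15.6 (EnterpriseDB Advanced Server 15.6.0) on x86_64-pc-linux-gnu, 64-bit",
    "PostgreSQL 16.3 (EnterpriseDB Advanced Server 16.3.0) on x86_64-pc-linux-gnu, 64-bit",
    "PostgreSQL 14.11 (EnterpriseDB Advanced Server 14.11.0) on x86_64-pc-linux-gnu, 64-bit",
    "PostgreSQL 15.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0, 64-bit",
]

if __name__ == "__main__":
    # Pipe a live result in:  psql -Atc "SELECT version()" | python3 check_epas.py
    data = sys.stdin.read().strip()
    for s in ([data] if data else SAMPLES):
        print(report(s))
```

Run it against the built-in samples to see all four verdicts, or feed it `psql -Atc "SELECT version()"` output from each host; the exit status is not used, so wrap `assess()` in your own fleet-check tooling if you need pass/fail.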
📡 Detection & Monitoring
Log Indicators:
- edbldr sessions opened by roles that are not the designated loader or administrative roles
- Server-side file reads (for example COPY ... FROM '<path>', pg_read_file, pg_read_binary_file, pg_ls_dir) issued by roles that do not hold pg_read_server_files
- New grants of pg_read_server_files or superuser to application roles
Network Indicators:
- Database sessions from hosts that are not the approved data-loading hosts, followed by bursts of loader or file-access activity
SIEM Query (pseudo-syntax; adapt the field names to your log source):
source="database_logs" AND (edbldr OR file_read) AND user NOT IN (admin_users)
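The SIEM pseudo-query above needs concrete parsing to be useful. The following is an added example (not code from the page or from EnterpriseDB) that runs the same two rules over constructed PostgreSQL log lines: it flags edbldr sessions from roles outside an approved set, and server-side file-read statements from roles outside an administrative set. It assumes a log_line_prefix that emits timestamp, PID, user@database and application_name as `app=...`, and it assumes EDB*Loader identifies itself through application_name as `edbldr`; verify that value on your own server (run a loader job and inspect pg_stat_activity) before relying on it.

```python
import re
from collections import namedtuple

# Assumed log_line_prefix: '%m [%p] %u@%d app=%a ' followed by the level and message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"app=(?P<app>\S*) (?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)

# Statements that read files on the server host rather than on the client.
FILE_READ_RE = re.compile(
    r"\bpg_read_(?:binary_)?file\s*\(|\bpg_ls_dir\s*\(|\bCOPY\b.*\bFROM\s+'",
    re.IGNORECASE,
)

LOADER_APPS = {"edbldr"}            # assumption: how EDB*Loader names itself
APPROVED_LOADER_ROLES = {"loader_svc"}
ADMIN_ROLES = {"enterprisedb", "loader_svc"}

Finding = namedtuple("Finding", "ts user app reason msg")


def parse_line(line):
    """Return a dict of fields, or None for lines in another format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Apply both detection rules and return a list of Finding records."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        user, app, msg = rec["user"], rec["app"], rec["msg"]
        # Rule 1: a loader session from a role that is not supposed to load data.
        if app in LOADER_APPS and msg.startswith("connection authorized") \
                and user not in APPROVED_LOADER_ROLES:
            findings.append(Finding(rec["ts"], user, app,
                                    "edbldr session from unapproved role", msg))
        # Rule 2: a server-side file read from a non-administrative role.
        if msg.startswith("statement:") and FILE_READ_RE.search(msg) \
                and user not in ADMIN_ROLES:
            findings.append(Finding(rec["ts"], user, app,
                                    "server-side file read by non-admin role", msg))
    return findings


# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = """\
2024-05-20 10:01:02.123 UTC [4711] loader_svc@sales app=edbldr LOG:  connection authorized: user=loader_svc database=sales
2024-05-20 10:01:03.500 UTC [4711] loader_svc@sales app=edbldr LOG:  statement: COPY staging FROM '/var/lib/edb/load/orders.csv'
2024-05-20 10:05:00.001 UTC [4802] app_user@sales app=edbldr LOG:  connection authorized: user=app_user database=sales
2024-05-20 10:06:10.000 UTC [4900] app_user@sales app=psql LOG:  statement: SELECT pg_read_file('/etc/passwd')
2024-05-20 10:06:12.000 UTC [4900] app_user@sales app=psql LOG:  statement: SELECT count(*) FROM orders
2024-05-20 10:07:00.000 UTC [4950] app_user@sales app=psql LOG:  statement: COPY orders FROM STDIN
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.user} ({f.app or '-'}): {f.reason}: {f.msg}")
```

On the sample input the approved loader's COPY is ignored, the `COPY ... FROM STDIN` (a client-side read) is ignored, and two findings remain: the edbldr connection by `app_user` and the `pg_read_file` call. Feed real lines by replacing `SAMPLE_LOG` with the output of your log shipper and tune the role sets to your environment.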
🔗 References
- https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/
- https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/
- https://www.enterprisedb.com/docs/security/advisories/cve20244545/