CVE-2023-41114

Summary

CVE-2023-41114 is a vulnerability discovered in EnterpriseDB Postgres Advanced Server (EPAS) versions 11.21.32 and earlier, 12.x versions before 12.16.20, 13.x versions before 13.12.16, 14.x versions before 14.9.0, and 15.x versions before 15.4.0. This vulnerability allows an authenticated user to read any file from the local filesystem or remote system regardless of their permissions by exploiting the publicly executable functions get_url_as_text and get_url_as_bytea. The affected products include t1jDwH, t1jDwG, t1jDwF, t1jDwE, t1jDwI, rFFds_, rFFds-, rFFds9, rFFds8, and many others listed in the source data. The severity of this vulnerability is rated as MEDIUM with a base score of 6.5 according to the National Vulnerability Database (NVD). Users are advised to update their software to the latest patched version to remediate this vulnerability and protect their organization from potential information exposure risks. Note: The above report has been generated using the provided data without any additional external sources or context provided by the user

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.