All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: EDB
Published: 2024-05-09T18:12:18.399Z
Updated: 2024-08-01T20:47:40.854Z
Reserved: 2024-05-06T13:09:28.537Z
Link: CVE-2024-4545
Vulnrichment
Updated: 2024-08-01T20:47:40.854Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:44:02.793
Modified: 2024-11-21T09:43:04.590
Link: CVE-2024-4545
Redhat
No data.