Vulnerability Details CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://www.enterprisedb.com/docs/epas/10/epas_rel_notes/epas10_23_33_rel_notes/
- https://www.enterprisedb.com/docs/epas/11/epas_rel_notes/epas11_18_29_rel_notes/
- https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/epas12_13_17_rel_notes/
- https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/epas13_9_13_rel_notes/
- https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/epas14_6_0_rel_notes/
- https://www.enterprisedb.com/docs/epas/10/epas_rel_notes/epas10_23_33_rel_notes/
- https://www.enterprisedb.com/docs/epas/11/epas_rel_notes/epas11_18_29_rel_notes/
- https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/epas12_13_17_rel_notes/
- https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/epas13_9_13_rel_notes/
- https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/epas14_6_0_rel_notes/
Products affected by CVE-2023-31043
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:-
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.0.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.10.18
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.11.19
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.12.20
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.13.21
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.14.22
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.14.23
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.15.24
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.16.25
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.17.26
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.17.27
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.18.28
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.19.29
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.20.30
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.21.31
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.22.32
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.4.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.5.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.6.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.7.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.8.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:10.9.17
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.1.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.10.19
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.11.20
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.12.21
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.12.22
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.13.23
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.14.24
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.15.25
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.16.26
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.17.28
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.2.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.3.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.4.11
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.5.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.6.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.7.14
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.8.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.9.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:11.9.17
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.1.2
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.10.14
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.11.15
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.12.16
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.2.3
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.3.4
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.4.5
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.5.6
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.6.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.7.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.7.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.8.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:12.9.13
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.1.4
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.2.5
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.3.6
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.3.7
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.4.8
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.5.9
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.6.10
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.7.11
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:13.8.12
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.1.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.2.1
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.3.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.4.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:14.5.0
-
cpe:2.3:a:enterprisedb:postgres_advanced_server:8.2