critical

ExtraReplica

Published Thu, Apr 28th, 2022
Platforms

Summary

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation. If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.

Affected Services

Database for PostgreSQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Jan 11th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin, Wiz