critical

ExtraReplica

Published Thu, Apr 28th, 2022

Platforms

Summary

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation. If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.

Affected Services

Database for PostgreSQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities https://msrc-blog.microsoft.com/2022/04/28/azure-database-for-postgresql-flexible-server-privilege-escalation-and-remote-code-execution

Contributed by https://github.com/0xdabbad00

Disclosure Date

Tue, Jan 11th, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

8.66

(PI:1.5/A1:20/A2:1/A7:1/A8:1.1)

Discovered by

Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin, Wiz

More vulnerabilities...

high

AWS SSM agent local privilege escalation

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate p...

Matthias Gerstner, SUSE

Wed, Apr 20th, 2022

high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Yuval Avrahami, Palo Alto

Tue, Apr 19th, 2022

low

Privilege Escalation to SYSTEM in AWS VPN Client

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation and an information disclosure vulnerability that allows the user's Net-NTLMv2...

David Yesland, Rhino Security

Tue, Apr 12th, 2022

View all