critical

ExtraReplica

Published Thu, Apr 28th, 2022

Platforms

azure

Summary

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation. If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.

Affected Services

Database for PostgreSQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilitieshttps://msrc-blog.microsoft.com/2022/04/28/azure-database-for-postgresql-flexible-server-privilege-escalation-and-remote-code-execution

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Tue, Jan 11th, 2022

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

8.66

(PI:1.5/A1:20/A2:1/A7:1/A8:1.1)

Discovered by

Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin, Wiz

More vulnerabilities...

high

AWS SSM agent local privilege escalation

aws

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate p...

Matthias Gerstner, SUSE
high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

aws

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Yuval Avrahami, Palo Alto
low

Privilege Escalation to SYSTEM in AWS VPN Client

aws

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation and an information disclosure vulnerability that allows the user's Net-NTLMv2...

David Yesland, Rhino Security
View all