extrareplica.yaml
title: ExtraReplica
slug: extrareplica
cves: null
affectedPlatforms:
  - Azure
affectedServices:
  - Database for PostgreSQL
image: https://www.datocms-assets.com/75231/1659934983-new-replica.png
severity: Critical
piercingIndexVector: {version: 1.5, A1: 20, A2: 1, A7: 1.0, A8: 1.1}
discoveredBy:
  name: Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin
  org: Wiz
  domain: https://www.wiz.io/
  twitter: null
disclosedAt: 2022/01/11
publishedAt: 2022/04/28
exploitabilityPeriod: null
knownITWExploitation: false
summary: |
  A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server,
  allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation.
  If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.
manualRemediation: |
  None required
detectionMethods: null
contributor: https://github.com/0xdabbad00
references:
  - https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
  - https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities
  - https://msrc-blog.microsoft.com/2022/04/28/azure-database-for-postgresql-flexible-server-privilege-escalation-and-remote-code-execution