Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.
“By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases,” Microsoft Security Response Center (MSRC) said.
New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain “ExtraReplica.” Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022.
Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target’s Azure region and exfiltrate sensitive information.
In other words, successful exploitation of the critical flaws could have enabled an adversary to gain unauthorized read access to other customers’ PostgreSQL databases, effectively circumventing tenant isolation.
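The "improperly anchored regular expression" in MSRC's description is a general bug class in certificate-name matching. The following is an added illustration, not code from Microsoft, Wiz or the original article; the domain names and patterns are constructed and do not reflect the service's real configuration.

```python
import re

# Constructed names for illustration only (assumption, not the real service).
TRUSTED_SUFFIX = "replication.db.example.net"
LEGIT_CN = "srv01." + TRUSTED_SUFFIX
# A name under a different domain that merely begins with the trusted name.
LOOKALIKE_CN = LEGIT_CN + ".other-tenant.example"

# Weak: anchored at the start only, so any trailing text is accepted.
UNANCHORED = re.compile(r"^(.*)\." + re.escape(TRUSTED_SUFFIX))

# Hardened: anchored at both ends, and the captured part is limited to a
# single DNS label. \Z is used because "$" in Python also matches just
# before a trailing newline.
ANCHORED = re.compile(
    r"\A([a-z0-9-]{1,63})\." + re.escape(TRUSTED_SUFFIX) + r"\Z"
)


def map_identity(pattern, common_name):
    """Return the server id mapped from a certificate CN, or None if rejected."""
    m = pattern.match(common_name)
    return m.group(1) if m else None


def is_fully_anchored(pattern_text):
    """Configuration lint: does the pattern pin both the start and the end?"""
    starts = pattern_text.startswith(("^", r"\A"))
    ends = pattern_text.endswith(r"\Z") or (
        pattern_text.endswith("$") and not pattern_text.endswith(r"\$")
    )
    return starts and ends


if __name__ == "__main__":
    for label, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(label, "fully anchored:", is_fully_anchored(pat.pattern))
        for cn in (LEGIT_CN, LOOKALIKE_CN):
            print("   ", cn, "->", map_identity(pat, cn))
```

With the weak pattern both names map to the same identity, which is why a review of identity-mapping rules should check for an end anchor as well as a start anchor.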
Wiz traced the privilege escalation to a bug stemming from modifications introduced in the PostgreSQL engine to harden their privilege model and add new features. The name ExtraReplica comes from the fact that the exploit leverages a PostgreSQL feature that permits copying database data from one server to another, i.e., “replicating” the database.
The Windows maker described the security vulnerability as affecting PostgreSQL Flexible Server instances deployed using the public access networking option, but stressed that it did not find evidence of the flaw being actively exploited and that no customer data was accessed.
“No action is required by customers,” MSRC said. “In order to further minimize exposure, we recommend that customers enable private network access when setting up their Flexible Server instances.”
Some parts of this article are sourced from:
thehackernews.com