critical

ExtraReplica

Published Thu, Apr 28th, 2022
Platforms

Summary

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation. If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.

Affected Services

Database for PostgreSQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Tue, Jan 11th, 2022
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
8.66
(PI:1.5/A1:20/A2:1/A7:1/A8:1.1)
Discovered by
Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin, Wiz