CVE-2023-31043
Published: 23 April 2023
Summary
CVE-2023-31043 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Enterprisedb Postgres Advanced Server. Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 33.9th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35380
Vulnerability details
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
- CWE(s): CWE-312 (Cleartext Storage of Sensitive Information)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Configuration settings can define and enforce strong password requirements to avoid weak policies.
- Training on secure data handling discourages cleartext storage of sensitive information.
- Data action mapping can detect storage actions that leave sensitive information in cleartext.
- IA policy establishes password requirements, directly addressing weak password requirements.
- Ensuring authenticators have sufficient strength of mechanism for their intended use addresses weak password requirements.
- Policy requires protection measures such as encryption for sensitive data stored on media, preventing cleartext exposure.
- Organization-wide password and authentication policies are applied uniformly, preventing weak local password requirements.
- Facilitated training and awareness of current practices improves the definition and enforcement of sufficiently strong password requirements.