Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution | allinfosecnews.com

April 28, 2022, 7 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases.

azure code code execution database escalation postgresql privilege privilege escalation remote code remote code execution server

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 1 week ago | msrc-blog.microsoft.com

check chen customers hard +13

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 2 weeks, 2 days ago | msrc-blog.microsoft.com

center communities current customers +20

Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 3 weeks, 1 day ago | msrc-blog.microsoft.com

analysts banking collect curiosity +20

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 1 month, 2 weeks ago | msrc-blog.microsoft.com

actions actor attack blizzard +24

Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 1 month, 3 weeks ago | msrc-blog.microsoft.com

career deployment desktop desktops +9

Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 1 month, 4 weeks ago | msrc-blog.microsoft.com

award awards bounty bug +16

From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 1 month, 4 weeks ago | msrc-blog.microsoft.com

adventures cybersecurity dream found +7

An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 2 months ago | msrc-blog.microsoft.com

bruce career college dream +13

New Security Advisory Tab Added to the Microsoft Security Update Guide 2 months, 1 week ago | msrc-blog.microsoft.com

advisory customers feedback guide +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Operations Analyst

@ Astranis | San Francisco

View on infosec-jobs.com

Manager - Business continuity Security and Safety.Risk and Compliance

@ MTN | Benin

View on infosec-jobs.com

Cyber Analyst, Digital Forensics Incident Response

@ At-Bay | Canada

View on infosec-jobs.com

Technical Product Manager, AppSec and DevSecOps

@ Penn Interactive | Philadelphia

View on infosec-jobs.com

Experienced Cloud Security Engineer (m/f/d) - Cybersecurity

@ MediaMarktSaturn | Barcelona, ES, 8003

View on infosec-jobs.com