  1. EXASOL Roadmap
  2. EXASOL-2904

Privilege escalation vulnerability for adapter-based row-level security

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: Exasol 6.2.0
    • Fix Version/s: Exasol 6.2.15
    • Component/s: None
    • Labels: None

      Description

      Vulnerability

      Classification: Medium

      We identified a privilege escalation vulnerability in adapter-based row-level security plugins that rely on extending filter conditions (e.g. https://github.com/exasol/row-level-security). An attacker can circumvent any rule that is defined to limit the number of visible rows.

      This only affects Exasol version 6.2. Later versions, e.g. 7.0, are not affected.

      Remediation

      Exasol 6.2 users who use such row-level security plugins should upgrade to Exasol version 6.2.15.

            People

            • Assignee: CaptainEXA (Captain EXASOL)
            • Reporter: CaptainEXA (Captain EXASOL)