What is CVE-2023-31131?

CVE-2023-31131 is a vulnerability in the Greenplum Database (GPDB) prior to version 6.22.3 that allows path traversal leading to arbitrary file writes.

How severe is CVE-2023-31131?

CVE-2023-31131 has a severity rating of 9.1 (critical).

What software is affected by CVE-2023-31131?

Greenplum Database (GPDB) prior to version 6.22.3 is affected by CVE-2023-31131.

How can an attacker exploit CVE-2023-31131?

An attacker can exploit CVE-2023-31131 by performing a path traversal attack to write arbitrary files.

How can I fix CVE-2023-31131?

To fix CVE-2023-31131, update Greenplum Database to version 6.22.3 or later.

Vulnerability/
CVE-2023-31131

critical

9.1

CWE

15/5/2023

2/8/2024

CVE-2023-31131: Arbitrary File Write when Extracting Tarballs in greenplum-db

First published: Mon May 15 2023(Updated: )

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Vmware Greenplum Database	<6.22.3

Remedy

https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-31131?
CVE-2023-31131 is a vulnerability in the Greenplum Database (GPDB) prior to version 6.22.3 that allows path traversal leading to arbitrary file writes.
How severe is CVE-2023-31131?
CVE-2023-31131 has a severity rating of 9.1 (critical).
What software is affected by CVE-2023-31131?
Greenplum Database (GPDB) prior to version 6.22.3 is affected by CVE-2023-31131.
How can an attacker exploit CVE-2023-31131?
An attacker can exploit CVE-2023-31131 by performing a path traversal attack to write arbitrary files.
How can I fix CVE-2023-31131?
To fix CVE-2023-31131, update Greenplum Database to version 6.22.3 or later.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/remedy
agent/author
agent/weakness
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/tags
agent/source
vendor/vmware
canonical/vmware greenplum database

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.