Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases


Cloud security company Wiz recently released a report that was shared with The Hacker News. According to the report, the vulnerabilities potentially allowed unauthorised access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain attack on both Alibaba database services, leading to remote code execution (RCE) on those services.

The BrokenSesame issues were reported to Alibaba Cloud in December 2022, and the firm deployed mitigations on April 12, 2023. There is no evidence that the flaws were exploited in the wild. Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL were found to contain a pair of serious weaknesses that together might allow unauthorised access to other users' sensitive data by bypassing tenant isolation safeguards.

