CVE-2023-41116: 
EDB Postgres Advanced Server vulnerability analysis and mitigation

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) affecting multiple versions (before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0). The vulnerability, identified as CVE-2023-41116, was first published on August 21, 2023, and allows authenticated users to bypass permissions related to materialized views (EDB Advisory).

The vulnerability has been assigned a CVSS Base Score of 4.3 with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates a network-accessible vulnerability requiring low attack complexity and low privileges, with no user interaction needed. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (EDB Advisory).

The vulnerability allows an authenticated user to refresh any materialized view, regardless of that user's permissions. This represents a security bypass that could potentially allow users to manipulate data views beyond their intended access levels (EDB Advisory).

Users must upgrade to fixed versions: 11.21.32 or later, 12.16.20 or later, 13.12.17 or later, 14.9.0 or later, or 15.4.0 or later. After upgrading, existing database instance clusters must be patched using edb_sqlpatch. Users running unsupported versions should upgrade to receive these updates. It's important to note that the patch modifies system object definitions inside the database, which may cause noticeable behavioral differences (EDB Advisory).