CVE-2023-41120: 
EDB Postgres Advanced Server vulnerability analysis and mitigation

A vulnerability was discovered in EnterpriseDB Postgres Advanced Server (EPAS) affecting versions before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. The vulnerability, identified as CVE-2023-41120, was first published on August 21, 2023 (EDB Docs).

The vulnerability allows authenticated users to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of their permissions. The vulnerability has been assigned a CVSS Base Score of 6.5 with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (EDB Docs).

The vulnerability enables unauthorized removal of system-wide profiling data, potentially affecting system monitoring and auditing capabilities. This could impact the integrity of profiling information across the database system (EDB Docs).

Users must upgrade to fixed versions: 11.21.32 or later, 12.16.20 or later, 13.12.17 or later, 14.9.0 or later, or 15.4.0 or later. After upgrading, existing database instance clusters must be patched using edb_sqlpatch. Users running unsupported versions should upgrade to receive these updates. It's important to note that the patch modifies system object definitions, which may cause behavioral differences after application (EDB Docs).