VDB

GCVE-110-CLOUD-2023-0040

GCVE-110-CLOUD-2023-0040
Advisory Published
Vulnetix · Advisory published April 19, 2023
ApsaraDB and AnalyticDB contained several vulnerabilities in their PostgreSQL offerings which ultimately allowed unauthorized access to other tenants' databases and the ability to perform a supply-chain attack on both services, which in turn would have allowed remote code execution (RCE) as well. Both services implemented multi-tenancy through a shared K8s cluster, but contained several bugs related to tenant isolation which an attacker could chain together to achieve the above impact. In ApsaraDB, these included privilege escalation to root in a container, a shared PID namespace enabling container escape, and write permissions granted to K8s nodes for a private container image registry utilized by both services. In AnalyticDB, the bugs included file disclosure, command line injection in a privileged container, and susceptibility to the core_pattern container escape technique.

Affected Products

VendorProductVersionsPlatforms
Alibaba CloudApsaraDB RDS for PostgreSQL, AnalyticDB for PostgreSQL
AWSSES

References

BrokenSesame
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›