Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data

CVE Details

Basic Information

Title Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data
Type cve
Published 2025-06-04T21:34:47.358Z
Last Seen

Product Information

Vendor DALIBO
Product PostgreSQL Anonymizer
Version 1

CVSS Information

Base Score 6.5 (MEDIUM)
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A vulnerability in PostgreSQL Anonymizer versions 2.0 and 2.1 allows users with masked access to bypass rules and view original data using database cursors or pg_dump, even when dynamic masking is enabled. This issue is resolved in version 2.2.1.
AI Severity Medium
Vendor DALIBO
Product PostgreSQL Anonymizer
Affected Version 2.0, 2.1

Additional Information

CVE List
CWE List CWE-200
Bulletin Family
Source Data DALIBO PostgreSQL Anonymizer 1

Source Information

Source Data DALIBO PostgreSQL Anonymizer 1
Source Link

Description

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the `--insert` option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1.
