AWS RDS PostgreSQL exposed to local file read vulnerability

Description

The log_fdw extension for Amazon Relational Database Service (AWS RDS) PostgreSQL instances allows you to query log files from foreign servers as if they were tables in a database. However, certain versions of the log_fdw extension may contain vulnerabilities that can be exploited by attackers. By ensuring that your AWS RDS PostgreSQL instances use a non-vulnerable version of the log_fdw extension, you can help protect your database from potential security threats.

Code Example

resource "aws_db_instance" "pass" {
  name           = "name"
  instance_class = "db.t3.micro"
  engine         = "postgres"
  engine_version = "13.3"
}

resource "aws_rds_cluster" "pass" {
  engine = "aurora-postgresql"
  engine_version = "11.9"
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0298
Severity	MEDIUM
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_AWS_250

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS RDS PostgreSQL exposed to local file read vulnerability

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS RDS PostgreSQL exposed to local file read vulnerability ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS RDS PostgreSQL exposed to local file read vulnerability

Description

Code Example

Remediation

Rule Details

References