EnterpriseDB pglogical and BDR/PGD Replication Connection Vulnerability Allowing Unauthorized Data Reads

Vulnerability

A vulnerability exists in EnterpriseDB's pglogical replication system, specifically in version 3.x prior to 3.7.26-ELS, and in BDR/PGD versions 4.x prior to 4.3.8-ELS and 5.x prior to 5.8.0. The issue arises because pglogical does not verify that it is using a replication connection when attempting to replicate data. As a result, a user with CONNECT access to a database configured for replication can execute pglogical commands to gain read access to replicated tables. Exploitation requires knowledge of specific pglogical 3/BDR commands and the ability to decode the binary protocol.

Impact

Exploitation of this vulnerability allows unauthorized users to read data from tables that are being replicated, potentially leading to data leakage or unauthorized access to sensitive information.

Remediation

Users must upgrade to a fixed version of pglogical or BDR/PGD. The fixed releases are pglogical 3.7.26-ELS, BDR/PGD 4.3.8-ELS, and BDR/PGD 5.8.0.
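A defender triaging this advisory first needs to know which installations fall inside the affected ranges. The following Python script is an added example, not code from EnterpriseDB or from this advisory: it encodes the three affected branches and their fixed versions exactly as stated above, parses version strings of the form 3.7.26-ELS, and classifies inventory rows. The inventory rows are constructed sample data in the shape returned by the PostgreSQL catalog query in the comment (the extension names "pglogical" and "bdr" are assumed); anything outside the three branches the advisory names is reported as out of scope rather than guessed at.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed versions as stated in the advisory, keyed by (product, major version).
# Versions of the same major branch below these are affected.
FIXED: Dict[Tuple[str, int], str] = {
    ("pglogical", 3): "3.7.26-ELS",
    ("bdr", 4): "4.3.8-ELS",
    ("bdr", 5): "5.8.0",
}

# Accepts "X.Y.Z" with an optional suffix such as "-ELS"; the suffix does not
# take part in ordering, only the numeric triple does.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?$")

# Catalog query a DBA would run on each database to collect the inventory
# (extension names are an assumption about how the products register).
INVENTORY_SQL = (
    "SELECT extname, extversion FROM pg_extension "
    "WHERE extname IN ('pglogical', 'bdr');"
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '3.7.26-ELS' into (3, 7, 26); raise on anything unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1, 2, 3)
    return int(major), int(minor), int(patch)


def assess(product: str, version: str) -> Optional[bool]:
    """True if the advisory says this version is affected, False if fixed,
    None if the product/major branch is not covered by the advisory."""
    key = product.strip().lower()
    if key in ("pgd", "bdr/pgd"):
        key = "bdr"
    parsed = parse_version(version)
    fixed = FIXED.get((key, parsed[0]))
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Classify inventory rows (host, extname, extversion) for reporting."""
    report = []
    for row in rows:
        verdict = assess(row["extname"], row["extversion"])
        status = {True: "AFFECTED", False: "fixed", None: "out of scope"}[verdict]
        report.append({"host": row["host"], "extname": row["extname"],
                       "extversion": row["extversion"], "status": status})
    return report


# Constructed sample inventory, as if gathered by running INVENTORY_SQL
# on several hosts; hostnames and versions are made up for illustration.
SAMPLE_ROWS = [
    {"host": "db-a.example", "extname": "pglogical", "extversion": "3.7.25"},
    {"host": "db-b.example", "extname": "pglogical", "extversion": "3.7.26-ELS"},
    {"host": "db-c.example", "extname": "bdr", "extversion": "4.3.7"},
    {"host": "db-d.example", "extname": "bdr", "extversion": "5.8.0"},
    {"host": "db-e.example", "extname": "pglogical", "extversion": "2.4.0"},
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_ROWS):
        print(f'{entry["host"]:14} {entry["extname"]:10} '
              f'{entry["extversion"]:12} {entry["status"]}')
```

Hosts reported as AFFECTED are the ones where any role holding CONNECT on a replicated database is in scope for the read-access problem described above, so the upgrade list and the list of such roles (for example via has_database_privilege(rolname, current_database(), 'CONNECT')) belong in the same remediation ticket.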

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          1.4
  impact          2.5
  exploitability  4.9
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.