PostgreSQL Anonymizer Dynamic Masking Bypass Vulnerability

Vulnerability

A vulnerability in PostgreSQL Anonymizer versions 2.0 and 2.1 allows masked users to circumvent masking rules and access original data. This issue arises when dynamic masking is enabled, which is not the default. The vulnerability can be exploited using a database cursor or the '--inserts' option of pg_dump.

Impact

Exploitation of this vulnerability allows for unauthorized access to unmasked data, bypassing established data masking rules.

Reproduction

To reproduce this vulnerability, enable dynamic masking in PostgreSQL Anonymizer. Then, use the '--inserts' option with the pg_dump command. This will cause pg_dump to use a cursor-based approach, which bypasses the dynamic masking and allows the original data to be dumped without anonymization.
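A detection check for the cursor path described above, added here as an example and not taken from the advisory or the PostgreSQL Anonymizer project: it scans PostgreSQL statement logs for cursor declarations issued by masked roles. It assumes log_statement = 'all', a log_line_prefix of '%m [%p] %u@%d ', and a hypothetical masked role named masked_analyst; the log lines are constructed.

```python
import re

# Assumption: log_line_prefix = '%m [%p] %u@%d ' and log_statement = 'all'.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$"
)
# DECLARE name [BINARY] [INSENSITIVE] [[NO] SCROLL] CURSOR ...
DECLARE_RE = re.compile(r"^\s*DECLARE\s+(?P<cursor>\S+)\s+(?:\w+\s+)*?CURSOR\b", re.I)

# Cursor name pg_dump declares when dumping table data with --inserts.
PG_DUMP_CURSOR = "_pg_dump_cursor"

# Constructed sample log lines (role, database and table names are hypothetical).
SAMPLE_LOG = [
    "2025-09-01 19:02:11.123 UTC [4242] masked_analyst@appdb LOG:  statement: DECLARE _pg_dump_cursor CURSOR FOR SELECT id, email FROM ONLY public.customer",
    "2025-09-01 19:02:11.130 UTC [4242] masked_analyst@appdb LOG:  statement: FETCH 100 FROM _pg_dump_cursor",
    "2025-09-01 19:05:40.002 UTC [4310] masked_analyst@appdb LOG:  statement: declare c no scroll cursor for select email from customer",
    "2025-09-01 19:06:00.500 UTC [4311] app_owner@appdb LOG:  statement: DECLARE c CURSOR FOR SELECT email FROM customer",
    "2025-09-01 19:07:12.000 UTC [4310] masked_analyst@appdb LOG:  statement: SELECT email FROM customer",
]


def find_cursor_reads(log_lines, masked_roles):
    """Return one finding per DECLARE ... CURSOR statement issued by a masked role."""
    findings = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["user"] not in masked_roles:
            continue  # unparsed line, or a role that is not subject to masking
        d = DECLARE_RE.match(m["sql"])
        if d:
            findings.append({
                "time": m["ts"], "pid": int(m["pid"]), "role": m["user"],
                "database": m["db"], "cursor": d["cursor"],
                "pg_dump_inserts": d["cursor"] == PG_DUMP_CURSOR,
            })
    return findings


if __name__ == "__main__":
    for finding in find_cursor_reads(SAMPLE_LOG, {"masked_analyst"}):
        print(finding)
```

Multi-line statements are logged with continuation lines, so a DECLARE split across lines needs the log lines joined before matching.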

Remediation

Users can upgrade to PostgreSQL Anonymizer version 2.2.1, where this vulnerability has been fixed.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.