https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2425456#M41124 <PRE id="tw-target-text" class="tw-data-text tw-text-large tw-ta" dir="ltr" data-placeholder="Traduction" data-ved="2ahUKEwj25Ofp-NCEAxUxU6QEHVq5APwQ3ewLegQIBRAU"><SPAN class="Y2IQFc">Is there a patch planned for NPrinting to address the PostgreSQL security problem?</SPAN></PRE> <P>&nbsp;</P> Thu, 29 Feb 2024 16:15:27 GMT jvandrot 2024-02-29T16:15:27Z https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2425456#M41124 <PRE id="tw-target-text" class="tw-data-text tw-text-large tw-ta" dir="ltr" data-placeholder="Traduction" data-ved="2ahUKEwj25Ofp-NCEAxUxU6QEHVq5APwQ3ewLegQIBRAU"><SPAN class="Y2IQFc">Is there a patch planned for NPrinting to address the PostgreSQL security problem?</SPAN></PRE> <P>&nbsp;</P> Thu, 29 Feb 2024 16:15:27 GMT https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2425456#M41124 jvandrot 2024-02-29T16:15:27Z https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2425514#M41125 <P>Which problem are you referring to?&nbsp; There was a postgresql upgrade included in NPrinting February 2024.&nbsp;&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JonnyPoole_0-1709228861149.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/161016iA02A15B08A3EE12A/image-size/medium?v=v2&amp;px=400" role="button" title="JonnyPoole_0-1709228861149.png" alt="JonnyPoole_0-1709228861149.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 29 Feb 2024 17:48:09 GMT https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2425514#M41125 JonnyPoole 2024-02-29T17:48:09Z https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426443#M41137 <P>Hello,</P> <P>I'm reffering to the security breach dated from Februray 8th, which is fixed on update 13.14</P> <P>The february version is 13.13</P> <P><A href="https://www.postgresql.org/support/security/" target="_blank">https://www.postgresql.org/support/security/</A></P> <P>&nbsp;</P> <TABLE class="table table-striped"> <THEAD> <TR> <TH>Reference</TH> <TH>Affected</TH> <TH>Fixed</TH> <TH><A href="https://www.postgresql.org/support/security/#comp" target="_blank">Component</A><SPAN>&nbsp;</SPAN>&amp; CVSS v3 Base Score</TH> <TH>Description</TH> </TR> </THEAD> <TBODY> <TR> <TD><SPAN class="nobr"><A href="https://www.postgresql.org/support/security/CVE-2024-0985/" target="_blank">CVE-2024-0985</A></SPAN><BR /><A href="https://www.postgresql.org/about/news/postgresql-162-156-1411-1314-and-1218-released-2807/" target="_blank">Announcement</A></TD> <TD>15, 14, 13, 12</TD> <TD>15.6, 14.11, 13.14, 12.18</TD> <TD>core server<BR /><A href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" target="_blank">8.0</A><BR /><SPAN class="cvssvector">AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</SPAN></TD> <TD>PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL<BR /><BR /><A href="https://www.postgresql.org/support/security/CVE-2024-0985/" target="_blank">more details</A></TD> </TR> </TBODY> </TABLE> Mon, 04 Mar 2024 08:37:16 GMT https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426443#M41137 jvandrot 2024-03-04T08:37:16Z https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426738#M41138 <P>Thanks for the post&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/193375">@jvandrot</a>&nbsp;</P> <P>The Qlik NPrinting product team and our security team are in constant communication around various identified security topics.&nbsp; This item is on our radar and is being planned for resolution in an Service Release for both the Qlik NPrinting May 2023 and Qlik NPrinting February 2024 build lines.&nbsp;</P> <P>In the mean time it is worth noting that this vulnerability is not exploitable in Qlik NPrinting as the product does not allow users to construct such kind of query required to exploit the vulnerability. Even though the product accepts user input (which is sanitized as part of a defense-in-depth strategy), there is no way in the product to create the kind of query required for exploitation in this scenario.<BR />A theoretical attack would require an advisory to get direct access to the NPrinting database as well as privileged filesystem access in addition to several other preconditions be met. If such escalated privileged access would be possible, there would other ways to yield more gain or access.&nbsp;&nbsp;</P> Mon, 04 Mar 2024 16:35:23 GMT https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426738#M41138 Andrew_Kruger 2024-03-04T16:35:23Z https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426826#M41139 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/193375">@jvandrot</a>&nbsp;R&amp;D will be doing a Service Release of NP with the 13.14 version, but like Andrew said its not a security concern for NP</P> Mon, 04 Mar 2024 21:28:25 GMT https://community.qlik.com/t5/Qlik-NPrinting/Patch-NPrinting/m-p/2426826#M41139 David_Friend 2024-03-04T21:28:25Z