Lucene search

CVE-2024-0985

🗓️ 08 Feb 2024 13:08:15Reported by PostgreSQLType

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows execution of arbitrary SQL functions by the object creator

Reporter	Title	Published	Views	Family All 199
Rosalinux	Advisory ROSA-SA-2025-2625	28 Jan 202513:54	–	rosalinux
Tenable Nessus	FreeBSD : postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL (19e6dd1b-c6a5-11ee-9cd0-6cc21735f730)	9 Feb 202400:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS : PostgreSQL vulnerability (USN-6656-2)	12 Mar 202400:00	–	nessus
Tenable Nessus	RHEL 8 : postgresql (RHSA-2024:1437)	20 Mar 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql16 (SUSE-SU-2024:0550-1)	21 Feb 202400:00	–	nessus
Tenable Nessus	RHEL 7 : rh-postgresql13-postgresql (RHSA-2024:0988)	26 Feb 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : postgresql:15 (ALSA-2024:0973)	28 Feb 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : postgresql:13 (ALSA-2024:0975)	28 Feb 202400:00	–	nessus
Tenable Nessus	RHEL 8 : postgresql (RHSA-2024:1429)	19 Mar 202400:00	–	nessus
Tenable Nessus	Rocky Linux 9 : postgresql (RLSA-2024:0951)	14 May 202400:00	–	nessus

Nvd

Node

postgresql postgresqlRange12.0–12.18

postgresql postgresqlRange13.0–13.14

postgresql postgresqlRange14.0–14.11

postgresql postgresqlRange15.0–15.6

[
  {
    "defaultStatus": "unaffected",
    "product": "PostgreSQL",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "16.2",
        "status": "affected",
        "version": "16",
        "versionType": "rpm"
      },
      {
        "lessThan": "15.6",
        "status": "affected",
        "version": "15",
        "versionType": "rpm"
      },
      {
        "lessThan": "14.11",
        "status": "affected",
        "version": "14",
        "versionType": "rpm"
      },
      {
        "lessThan": "13.14",
        "status": "affected",
        "version": "13",
        "versionType": "rpm"
      },
      {
        "lessThan": "12.18",
        "status": "affected",
        "version": "0",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2024/03/msg00017.html
postgresql	www.postgresql.org/support/security/CVE-2024-0985/
saites	www.saites.dev/projects/personal/postgres-cve-2024-0985/
security	www.security.netapp.com/advisory/ntap-20241220-0005/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2024 13:15Current

8.6High risk

Vulners AI Score8.6

CVSS38

EPSS0.002

CWE-271