Lucene search
GoogleCVE-2024-1713HistoryMar 14, 2024 - 9:15 p.m.
CVE-2024-1713
2024-03-1421:15:50
CWE-394
Google
web.nvd.nist.gov
33
cve-2024-1713
database security
plv8 3.2.1
deferred triggers
superuser
autovacuum
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.
Affected configurations
Node
plv8plv8Range≤3.2.1
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "Plv8",
"product": "Plv8",
"vendor": "Plv8",
"versions": [
{
"status": "affected",
"version": "3.2.1"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2024-1713
2024-03-14 00:00:00
nvd
nvd
CVE-2024-1713
2024-03-14 21:15:50
cvelist
cvelist
CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation
2024-03-14 20:14:28
vulnrichment
vulnrichment
CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation
2024-03-14 20:14:28
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-1713