Lucene search
K

55 matches found

Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.6 views

PT-2025-23864 · Unknown +1 · Postgresql Anonymizer +1

Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer versions 2.0 through 2.1 Description: The issue allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg dump. This problem occur...

6.5CVSS6.4AI score0.00285EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 1:53 a.m.6 views

CVE-2024-2338

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS7.7AI score0.00461EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.6 views

The vulnerability of the PostgreSQL data anonymization extension in the PostgreSQL Anonymizer tool lies in the lack of security measures for SQL query structures. This allows attackers to elevate their privileges to superuser levels.

The vulnerability of the PostgreSQL anonymization extension in the PostgreSQL Anonymizer database relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor, operating remotely, to elevate their privileges to the level of superuser...

8CVSS7.6AI score0.00461EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.7 views

The vulnerability of the “restrict_to_trusted_schemas” option in PostgreSQL’s data anonymization functions in the PostgreSQL Anonymizer database allows a malicious user to elevate their privileges to superuser status.

The vulnerability of the restricttotrustedschemas option in PostgreSQL’s data anonymization feature exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to superuser status...

8CVSS7.4AI score0.00552EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/03/08 8:15 p.m.12 views

CVE-2024-2338

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS8.2AI score0.00461EPSS
Exploits0References1
Prion
Prion
added 2024/03/08 8:15 p.m.14 views

Input validation

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

4.3CVSS7.2AI score0.00552EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/08 8:7 p.m.13 views

CVE-2024-2339 Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

8CVSS8AI score0.00552EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/08 8:7 p.m.12 views

CVE-2024-2339 Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

8CVSS7.2AI score0.00552EPSS
Exploits0References1
OSV
OSV
added 2024/03/08 8:7 p.m.20 views

CVE-2024-2339 Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous...

8CVSS7.2AI score0.00552EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/08 8:7 p.m.15 views

CVE-2024-2338 SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS8.4AI score0.00461EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/08 8:7 p.m.17 views

CVE-2024-2338 SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS7.7AI score0.00461EPSS
Exploits0References1
OSV
OSV
added 2024/03/08 8:7 p.m.26 views

CVE-2024-2338 SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex...

8CVSS7.2AI score0.00461EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/08 12:0 a.m.4 views

PostgreSQL Anonymizer Security Vulnerability

PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases. A security vulnerability exists in PostgreSQL Anonymizer version v1.2 that originates from allowing a user who owns a table to be promoted...

8CVSS6.5AI score0.00461EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/08 12:0 a.m.5 views

PostgreSQL Anonymizer Security Vulnerability

PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases. A security vulnerability exists in PostgreSQL Anonymizer version v1.2 that originates from allowing a user who owns a table to be promoted...

8.8CVSS6.5AI score0.00552EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/08 12:0 a.m.5 views

PT-2024-2087 · Unknown · Postgresql Anonymizer

Name of the Vulnerable Software and Affected Versions: PostgreSQL Anonymizer version 1.2 Description: The issue is related to a SQL injection vulnerability in PostgreSQL Anonymizer. This vulnerability allows a user who owns a table to elevate their privileges to superuser when dynamic masking is...

8CVSS8.4AI score0.00461EPSS
Exploits0References7
Rows per page
Query Builder