3 matches found
CVE-2024-2338
Summary for CVE-2024-2338 (PostgreSQL Anonymizer) : PostgreSQL Anonymizer v1.2 contains a SQL injection flaw that can let a user who owns a table escalate to superuser when dynamic masking is enabled. The vulnerability stems from allowing complex expressions as a value for security labels used to...
CVE-2024-2339
PostgreSQL Anonymizer v1.2 has a vulnerability that allows a table owner to escalate to superuser by placing malicious code in a masking function for a column. When privileged users apply masking rules (static masking or anonymous dump), the code can be executed and grant escalated privileges to ...
CVE-2026-9617
CVE-2026-9617 — PostgreSQL Anonymizer: A vulnerability lets a user gain superuser privileges by creating a table and embedding malicious code in a column identifier, executed when a superuser runs the k_anonymity() function. Affected environment includes PostgreSQL Anonymizer extensions; higher r...