Lucene search

Ubuntu.comUB:CVE-2024-1713

HistoryMar 14, 2024 - 12:00 a.m.

CVE-2024-1713

2024-03-1400:00:00

ubuntu.com

plv8

database

deferred triggers

superuser

autovacuum

unix

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

A user who can create objects in a database with plv8 3.2.1 installed is
able to cause deferred triggers to execute as the Superuser during
autovacuum.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchplv8< anyUNKNOWN
ubuntu16.04noarchplv8< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	plv8	< any	UNKNOWN
ubuntu	16.04	noarch	plv8	< any	UNKNOWN

References

github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4

launchpad.net/bugs/cve/CVE-2024-1713

nvd.nist.gov/vuln/detail/CVE-2024-1713

security-tracker.debian.org/tracker/CVE-2024-1713

www.cve.org/CVERecord?id=CVE-2024-1713

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for UB:CVE-2024-1713