Lucene search

GoogleVULNRICHMENT:CVE-2024-1713

HistoryMar 14, 2024 - 8:14 p.m.

CVE-2024-1713 Plv8 Deferred Trigger Privilege Escalation

2024-03-1420:14:28

CWE-394

Google

github.com

cve-2024-1713

plv8

privilege escalation

autovacuum

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:plv8:plv8:3.2.1:*:*:*:*:*:*:*"
    ],
    "vendor": "plv8",
    "product": "plv8",
    "versions": [
      {
        "status": "affected",
        "version": "3.2.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1713