CVE-2024-0985
CVSS 3.1 Score 8 of 10 (high)
Details
Summary
CVE-2024-0985 is a vulnerability in PostgreSQL that allows an attacker to execute arbitrary SQL functions with the privileges of the command issuer by luring a superuser, or a member of one of the attacker's roles, into refreshing a materialized view. The issue is caused by a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command. PostgreSQL versions before 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. An attacker could exploit this to gain unauthorized access or perform malicious actions within the PostgreSQL database.
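A version-triage check built from the fixed releases listed in the summary, as an added example (not code from this page or from the PostgreSQL project). It takes the values returned by `SHOW server_version;` or `SHOW server_version_num;`. The host names and versions in the inventory are constructed, and the handling of branches older than 12 and newer than 16 is an assumption.

```python
import re

# Fixed minor release per major branch, as listed in the summary above.
FIXED_MINOR = {16: 2, 15: 6, 14: 11, 13: 14, 12: 18}

def parse_version(value):
    """Return (major, minor) from server_version text or server_version_num."""
    text = str(value).strip()
    if text.isdigit() and len(text) >= 5:
        # server_version_num form, e.g. 150005 -> (15, 5)
        return int(text) // 10000, int(text) % 10000
    match = re.match(r"(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"unrecognised version: {value!r}")
    # Text form, possibly with a packaging suffix, e.g. "15.5 (Debian ...)"
    return int(match.group(1)), int(match.group(2))

def classify(value):
    """Classify one server against the CVE-2024-0985 fixed releases."""
    major, minor = parse_version(value)
    if major in FIXED_MINOR:
        return "affected" if minor < FIXED_MINOR[major] else "fixed"
    if major < min(FIXED_MINOR):
        # Assumption: older branches count as exposed; no fixed release is listed.
        return "no-fix-listed"
    # Assumption: branches newer than 16 were first released after the fix.
    return "fixed"

def triage(inventory):
    """Map each host in a {host: version} inventory to its status."""
    statuses = {}
    for host, version in inventory.items():
        try:
            statuses[host] = classify(version)
        except ValueError:
            statuses[host] = "unknown"
    return statuses

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "db-a": "15.5 (Debian 15.5-1.pgdg120+1)",
    "db-b": "16.2",
    "db-c": 140010,
    "db-d": "11.22",
    "db-e": "17.1",
    "db-f": "not-a-version",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```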
Affected Products
- PostgreSQL
Affected Vendors
- PostgreSQL Global Development Group