CVE-2024-2338
CVSS 3.1 Score 8.0 of 10 (high)
Details
Published Mar 8, 2024
CWE ID 89
Summary
CVE-2024-2338 is a SQL injection vulnerability found in PostgreSQL Anonymizer v1.2. This vulnerability allows a user who owns a table to gain superuser privileges when dynamic masking is enabled. The vulnerability occurs due to a flaw that allows complex expressions to be provided as a value, which are then used as-is to create masked views, resulting in SQL injection. However, users who do not own a table, particularly masked users, cannot exploit this vulnerability. The issue has been resolved in version 1.3 of PostgreSQL Anonymizer.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2024-2338 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions