CVE-2024-2338

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Mar 8, 2024
CWE ID 89

Summary

CVE-2024-2338 is a SQL injection vulnerability found in PostgreSQL Anonymizer v1.2. This vulnerability allows a user who owns a table to gain superuser privileges when dynamic masking is enabled. The vulnerability occurs due to a flaw that allows complex expressions to be provided as a value, which are then used as-is to create masked views, resulting in SQL injection. However, users who do not own a table, particularly masked users, cannot exploit this vulnerability. The issue has been resolved in version 1.3 of PostgreSQL Anonymizer.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2338 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options