CVE-2024-0985 - Vulnerability Details

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postgresql	Postgresql
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Software Collections Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
postgresql:10-8090020240213200157.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0956	2024-02-26T00:00:00Z
postgresql:15-8090020240209124629.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0973	2024-02-26T00:00:00Z
postgresql:12-8090020240209130909.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0974	2024-02-26T00:00:00Z
postgresql:13-8090020240209125046.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0975	2024-02-26T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020240214021628.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:1071	2024-03-04T00:00:00Z
postgresql:10-8020020240229083218.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:1422	2024-03-19T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020240214021628.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:1071	2024-03-04T00:00:00Z
postgresql:10-8020020240229083218.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:1422	2024-03-19T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020240214021628.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:1071	2024-03-04T00:00:00Z
postgresql:10-8020020240229083218.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:1422	2024-03-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020240214080556.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:1195	2024-03-06T00:00:00Z
postgresql:10-8040020240226112406.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:1429	2024-03-19T00:00:00Z
postgresql:13-8040020240222071300.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:1437	2024-03-20T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020240214080556.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:1195	2024-03-06T00:00:00Z
postgresql:10-8040020240226112406.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:1429	2024-03-19T00:00:00Z
postgresql:13-8040020240222071300.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:1437	2024-03-20T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020240214080556.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:1195	2024-03-06T00:00:00Z
postgresql:10-8040020240226112406.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:1429	2024-03-19T00:00:00Z
postgresql:13-8040020240222071300.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:1437	2024-03-20T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:12-8060020240214083443.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1070	2024-03-04T00:00:00Z
postgresql:13-8060020240219120118.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1315	2024-03-13T00:00:00Z
postgresql:10-8060020240220155541.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1348	2024-03-18T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:15-8080020240220104521.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:1017	2024-02-28T00:00:00Z
postgresql:12-8080020240214025906.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:1069	2024-03-04T00:00:00Z
postgresql:13-8080020240221110841.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:1426	2024-03-19T00:00:00Z
postgresql:10-8080020240227061409.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:1428	2024-03-19T00:00:00Z
Red Hat Enterprise Linux 9
postgresql:15-9030020240209100638.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0950	2024-02-22T00:00:00Z
postgresql-0:13.14-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0951	2024-02-22T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.14-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:1240	2024-03-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.14-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:1241	2024-03-11T00:00:00Z
postgresql:15-9020020240213145157.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:1314	2024-03-13T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql13-postgresql-0:13.14-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2024:0988	2024-02-26T00:00:00Z
rh-postgresql12-postgresql-0:12.18-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2024:0990	2024-02-26T00:00:00Z
rh-postgresql10-postgresql-0:10.23-3.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2024:0992	2024-02-26T00:00:00Z

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2024-0985
https://saites.dev/projects/personal/postgres-cve-2024-0985/
https://security.netapp.com/advisory/ntap-20241220-0005/
https://www.cve.org/CVERecord?id=CVE-2024-0985
https://www.postgresql.org/support/security/CVE-2024-0985/

History

Fri, 20 Dec 2024 13:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20241220-0005/

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2024-02-08T13:00:02.411Z

Updated: 2025-02-13T17:27:30.615Z

Reserved: 2024-01-27T20:47:02.113Z

Link: CVE-2024-0985

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-02-08T13:15:08.927

Modified: 2024-12-20T13:15:19.070

Link: CVE-2024-0985

Redhat

Severity : Important

Publid Date: 2024-02-08T00:00:00Z

Links: CVE-2024-0985 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-0985", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2024-01-27T20:47:02.113Z", "datePublished": "2024-02-08T13:00:02.411Z", "dateUpdated": "2025-02-13T17:27:30.615Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2024-07-10T17:13:47.434Z"}, "title": "PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL", "descriptions": [{"lang": "en", "value": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected."}], "affected": [{"defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [{"lessThan": "16.2", "status": "affected", "version": "16", "versionType": "rpm"}, {"lessThan": "15.6", "status": "affected", "version": "15", "versionType": "rpm"}, {"lessThan": "14.11", "status": "affected", "version": "14", "versionType": "rpm"}, {"lessThan": "13.14", "status": "affected", "version": "13", "versionType": "rpm"}, {"lessThan": "12.18", "status": "affected", "version": "0", "versionType": "rpm"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-271", "type": "CWE", "description": "Privilege Dropping / Lowering Errors"}]}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2024-0985/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html"}, {"url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8, "baseSeverity": "HIGH"}}], "configurations": [{"lang": "en", "value": "attacker has permission to create non-temporary objects in at least one schema"}], "workarounds": [{"lang": "en", "value": "Use REFRESH MATERIALIZED VIEW without CONCURRENTLY."}, {"lang": "en", "value": "In a new database connection, authenticate as the materialized view owner."}], "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Pedro Gallegos for reporting this problem."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.postgresql.org/support/security/CVE-2024-0985/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20241220-0005/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-12-20T13:06:41.461Z"}}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "6515DD96-8226-4C7A-9731-75C62F781ADD", "versionEndExcluding": "12.18", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "36C5A43F-5861-460E-912B-BC70C232DEED", "versionEndExcluding": "13.14", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "170AC44C-3970-46BF-8071-4B29F5EF20F3", "versionEndExcluding": "14.11", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF8DDD13-1879-4298-855A-F2FC236CB846", "versionEndExcluding": "15.6", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected."}, {"lang": "es", "value": "La ca\u00edda tard\u00eda de privilegios en ACTUALIZAR VISTA MATERIALIZADA CONCURRENTE en PostgreSQL permite a un creador de objetos ejecutar funciones SQL arbitrarias como emisor de comandos. El comando pretende ejecutar funciones SQL como propietario de la vista materializada, lo que permite una actualizaci\u00f3n segura de vistas materializadas que no son de confianza. La v\u00edctima es un superusuario o miembro de uno de los roles del atacante. El ataque requiere atraer a la v\u00edctima para que ejecute ACTUALIZAR VISTA MATERIALIZADA CONCURRENTE en la vista materializada del atacante. Como parte de la explotaci\u00f3n de esta vulnerabilidad, el atacante crea funciones que utilizan CREATE RULE para convertir la tabla temporal creada internamente en una vista. Las versiones anteriores a PostgreSQL 15.6, 14.11, 13.14 y 12.18 se ven afectadas. El \u00fanico exploit conocido no funciona en PostgreSQL 16 y posteriores. Para una defensa en profundidad, PostgreSQL 16.2 agrega las protecciones que utilizan las ramas m\u00e1s antiguas para corregir su vulnerabilidad."}], "id": "CVE-2024-0985", "lastModified": "2024-12-20T13:15:19.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-08T13:15:08.927", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/"}, {"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2024-0985/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241220-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2024-0985/"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-271"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0956", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:10-8090020240213200157.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0973", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:15-8090020240209124629.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0974", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8090020240209130909.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0975", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:13-8090020240209125046.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:1071", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:12-8020020240214021628.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-03-04T00:00:00Z"}, {"advisory": "RHSA-2024:1422", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:10-8020020240229083218.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1071", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:12-8020020240214021628.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-03-04T00:00:00Z"}, {"advisory": "RHSA-2024:1422", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:10-8020020240229083218.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1071", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:12-8020020240214021628.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-03-04T00:00:00Z"}, {"advisory": "RHSA-2024:1422", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:10-8020020240229083218.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1195", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:12-8040020240214080556.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1429", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:10-8040020240226112406.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1437", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:13-8040020240222071300.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:1195", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:12-8040020240214080556.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1429", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:10-8040020240226112406.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1437", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:13-8040020240222071300.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:1195", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:12-8040020240214080556.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-03-06T00:00:00Z"}, {"advisory": "RHSA-2024:1429", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:10-8040020240226112406.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1437", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:13-8040020240222071300.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:1070", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:12-8060020240214083443.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-04T00:00:00Z"}, {"advisory": "RHSA-2024:1315", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:13-8060020240219120118.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:1348", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:10-8060020240220155541.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-18T00:00:00Z"}, {"advisory": "RHSA-2024:1017", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:15-8080020240220104521.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-02-28T00:00:00Z"}, {"advisory": "RHSA-2024:1069", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:12-8080020240214025906.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-04T00:00:00Z"}, {"advisory": "RHSA-2024:1426", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:13-8080020240221110841.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1428", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:10-8080020240227061409.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:0950", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql:15-9030020240209100638.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-22T00:00:00Z"}, {"advisory": "RHSA-2024:0951", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-0:13.14-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-02-22T00:00:00Z"}, {"advisory": "RHSA-2024:1240", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-0:13.14-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-11T00:00:00Z"}, {"advisory": "RHSA-2024:1241", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-0:13.14-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-11T00:00:00Z"}, {"advisory": "RHSA-2024:1314", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql:15-9020020240213145157.rhel9", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-13T00:00:00Z"}, {"advisory": "RHSA-2024:0988", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql13-postgresql-0:13.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0990", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.18-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2024-02-26T00:00:00Z"}, {"advisory": "RHSA-2024:0992", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.23-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2024-02-26T00:00:00Z"}], "bugzilla": {"description": "postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL", "id": "2263384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263384"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-271", "details": ["Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.", "A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refresh of untrusted materialized views. The attack requires luring the victim, a superuser or member of one of the attacker's roles, into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-0985", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat build of Debezium 2"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat JBoss Data Grid 7"}], "public_date": "2024-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0985\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0985"], "statement": "This PostgreSQL vulnerability poses a significant risk due to its potential for unauthorized access and manipulation of data. Essentially, it allows attackers to execute arbitrary SQL functions using the REFRESH MATERIALIZED VIEW CONCURRENTLY command, especially when the victim is a superuser or holds a role within the attacker's control. By luring victims into running this command on a maliciously crafted materialized view, attackers can exploit the system. This could lead to serious consequences, such as data breaches or data corruption, compromising the integrity and confidentiality of the database.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object