CVE-2024-1713 HIGH

CVE-2024-1713: Plv8 Deferred Trigger Privilege Escalation

Vendor Plv8
Product Plv8
Weakness CWE-394
Published March 14, 2024
Last update August 2, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

Key dates

02Disclosure timeline

March 14, 2024 CVE published
August 2, 2024 Record updated