How severe is CVE-2024-0985?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-0985?

This is classified as CWE-271, which is a common weakness in software security.

CVE-2024-0985 - HIGH Severity | CVSS 8

Vulnerability Description

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.

Related Vulnerabilities

CVE-2022-3569

HIGH

CVSS:7.8(High)

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively c...

CWE-2712022

CVE-2025-23395

HIGH

CVSS:7.8(High)

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root...

CWE-2712025

CVE-2023-22648

HIGH

CVSS:8.8(High)

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to ...

CWE-2712023

CVE-2024-35179

MEDIUM

CVSS:6.8(Medium)

Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This is...

CWE-2712024

CVE-2023-22648

HIGH

CVSS:8.8(High)

CWE-2712023

CVE-2022-3569

HIGH

CVSS:7.8(High)

CWE-2712022