PT-2024-3323 · Unknown+12 · Postgresql+11

Lukas Fittl

·

Published

2024-05-08

·

Updated

2026-04-03

·

CVE-2024-4317

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3
Description The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg stats ext and pg stats ext exprs system views. This could allow an unprivileged database user to read statistics from other users, potentially revealing sensitive information such as column values or results of functions they cannot execute.
Recommendations For versions prior to 14.12, update to version 14.12 or later. For versions prior to 15.7, update to version 15.7 or later. For versions prior to 16.3, update to version 16.3 or later. As a temporary workaround, consider restricting the visibility of pg stats ext and pg stats ext exprs entries to the table owner.

Fix

LPE

Missing Authorization

Weakness Enumeration

CWE-862CWE-264

Related Identifiers

ALSA-2024:5927
ALSA-2024:5929
ALSA-2024:6001
ALSA-2024:6020
ALT-PU-2024-7776
ALT-PU-2024-7778
ALT-PU-2024-7779
ALT-PU-2024-7780
ALT-PU-2024-7783
ALT-PU-2024-7785
ALT-PU-2024-7786
ALT-PU-2024-7787
ALT-PU-2024-7927
ALT-PU-2024-7929
ALT-PU-2024-7930
AZL-40654
BDU:2024-03569
BIT-POSTGRESQL-2024-4317
CESA-2024_5927
CESA-2024_6001
CVE-2024-4317
ECHO-DD9C-B422-C001
INFSA-2024_5927
INFSA-2024_5929
INFSA-2024_6001
INFSA-2024_6020
JLSEC-2026-51
MGASA-2024-0184
OPENSUSE-SU-2024:13946-1
OPENSUSE-SU-2024:13947-1
OPENSUSE-SU-2024:13950-1
OPENSUSE-SU-2024_1768-1
OPENSUSE-SU-2024_1777-1
OPENSUSE-SU-2024_2261-1
OPENSUSE-SU-2024_2266-1
OPENSUSE-SU-2024_3159-1
RHSA-2024:5927
RHSA-2024:5929
RHSA-2024:6001
RHSA-2024:6020
RHSA-2024:6142
RHSA-2024_5927
RHSA-2024_5929
RHSA-2024_6001
RHSA-2024_6020
RLSA-2024:5927
RLSA-2024:5929
ROSA-SA-2024-2485
ROSA-SA-2024-2486
SUSE-SU-2024:1651-1
SUSE-SU-2024:1652-1
SUSE-SU-2024:1653-1
SUSE-SU-2024:1703-1
SUSE-SU-2024:1768-1
SUSE-SU-2024:1777-1
SUSE-SU-2024:2261-1
SUSE-SU-2024:2262-1
SUSE-SU-2024:2262-2
SUSE-SU-2024:2262-3
SUSE-SU-2024:2266-1
SUSE-SU-2024:3159-1
SUSE-SU-2024:3159-2
SUSE-SU-2024_1651-1
SUSE-SU-2024_1652-1
SUSE-SU-2024_1653-1
SUSE-SU-2024_1703-1
SUSE-SU-2024_1768-1
SUSE-SU-2024_1777-1
SUSE-SU-2024_2261-1
SUSE-SU-2024_2262-2
SUSE-SU-2024_2262-3
SUSE-SU-2024_2266-1
SUSE-SU-2024_3159-1
USN-6802-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Postgresql
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node