Search criteria
6 vulnerabilities found for PostgreSQL Anonymizer by DALIBO
CVE-2025-5690 (GCVE-0-2025-5690)
Vulnerability from cvelistv5 – Published: 2025-06-04 21:34 – Updated: 2025-06-05 18:10
VLAI?
Summary
PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 2.2.1
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Jukka Heiskanen for reporting this problem.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T18:09:40.493423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T18:10:03.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "2.2.1",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Dynamic masking must be enabled"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Jukka Heiskanen for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:34:47.358Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/531"
}
],
"title": "Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data",
"workarounds": [
{
"lang": "en",
"value": "Disable dynamic masking"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2025-5690",
"datePublished": "2025-06-04T21:34:47.358Z",
"dateReserved": "2025-06-04T18:41:30.661Z",
"dateUpdated": "2025-06-05T18:10:03.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2339 (GCVE-0-2024-2339)
Vulnerability from cvelistv5 – Published: 2024-03-08 20:07 – Updated: 2024-08-02 19:53
VLAI?
Summary
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 1.3.0
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dalibo:postgresql_anonymizer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "postgresql_anonymizer",
"vendor": "dalibo",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:52:46.930699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:53:36.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A user that own a table also has the CREATE permission"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don\u0027t own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T20:07:14.838Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9"
}
],
"title": "Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule",
"workarounds": [
{
"lang": "en",
"value": "Revoke the CREATE permission to non-superusers"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-2339",
"datePublished": "2024-03-08T20:07:14.838Z",
"dateReserved": "2024-03-08T19:53:56.153Z",
"dateUpdated": "2024-08-02T19:53:36.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2338 (GCVE-0-2024-2338)
Vulnerability from cvelistv5 – Published: 2024-03-08 20:07 – Updated: 2024-08-01 19:11
VLAI?
Summary
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 1.3.0
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dalibo:postgresql_anonymizer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "postgresql_anonymizer",
"vendor": "dalibo",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:14:45.813825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T20:21:48.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Dynamic masking must be enabled"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don\u0027t own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T20:07:00.788Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778"
}
],
"title": "SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule",
"workarounds": [
{
"lang": "en",
"value": "Disable dynamic masking"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-2338",
"datePublished": "2024-03-08T20:07:00.788Z",
"dateReserved": "2024-03-08T19:53:55.525Z",
"dateUpdated": "2024-08-01T19:11:53.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5690 (GCVE-0-2025-5690)
Vulnerability from nvd – Published: 2025-06-04 21:34 – Updated: 2025-06-05 18:10
VLAI?
Summary
PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 2.2.1
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Jukka Heiskanen for reporting this problem.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T18:09:40.493423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T18:10:03.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "2.2.1",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Dynamic masking must be enabled"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Jukka Heiskanen for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:34:47.358Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/531"
}
],
"title": "Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data",
"workarounds": [
{
"lang": "en",
"value": "Disable dynamic masking"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2025-5690",
"datePublished": "2025-06-04T21:34:47.358Z",
"dateReserved": "2025-06-04T18:41:30.661Z",
"dateUpdated": "2025-06-05T18:10:03.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2339 (GCVE-0-2024-2339)
Vulnerability from nvd – Published: 2024-03-08 20:07 – Updated: 2024-08-02 19:53
VLAI?
Summary
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 1.3.0
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dalibo:postgresql_anonymizer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "postgresql_anonymizer",
"vendor": "dalibo",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:52:46.930699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:53:36.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A user that own a table also has the CREATE permission"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don\u0027t own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T20:07:14.838Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9"
}
],
"title": "Improper Input Validation in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule",
"workarounds": [
{
"lang": "en",
"value": "Revoke the CREATE permission to non-superusers"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-2339",
"datePublished": "2024-03-08T20:07:14.838Z",
"dateReserved": "2024-03-08T19:53:56.153Z",
"dateUpdated": "2024-08-02T19:53:36.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2338 (GCVE-0-2024-2338)
Vulnerability from nvd – Published: 2024-03-08 20:07 – Updated: 2024-08-01 19:11
VLAI?
Summary
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DALIBO | PostgreSQL Anonymizer |
Affected:
1 , < 1.3.0
(rpm)
|
Credits
The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dalibo:postgresql_anonymizer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "postgresql_anonymizer",
"vendor": "dalibo",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:14:45.813825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T20:21:48.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL Anonymizer",
"vendor": "DALIBO",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Dynamic masking must be enabled"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL Anonymizer project thanks Pedro Gallegos for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don\u0027t own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T20:07:00.788Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778"
}
],
"title": "SQL Injection in PostgreSQL Anonymizer 1.2 allows table owner to gain superuser privileges via masking rule",
"workarounds": [
{
"lang": "en",
"value": "Disable dynamic masking"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-2338",
"datePublished": "2024-03-08T20:07:00.788Z",
"dateReserved": "2024-03-08T19:53:55.525Z",
"dateUpdated": "2024-08-01T19:11:53.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}