Description

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.

INFO

Published Date :

2024-05-09T13:00:01.285Z

Last Modified :

2025-03-28T15:03:02.067Z

Source :

PostgreSQL
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4317 vulnerability.

Vendors Products
Postgresql
  • Postgresql
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4317.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2024-4317 cve-icon
https://security.netapp.com/advisory/ntap-20250328-0001/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-4317 cve-icon
https://www.postgresql.org/support/security/CVE-2024-4317/ cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact