jbauerrfid
commented
8 months ago This issue has been fixed by https://github.com/CircleCI-Public/cimg-postgres/pull/117
Hence closing this.
Closed jbauerrfid closed 8 months ago
jbauerrfid
commented
8 months ago This issue has been fixed by https://github.com/CircleCI-Public/cimg-postgres/pull/117
Hence closing this.
Describe the bug Restricted users can exploit materialized views to increase their permissions. There is a detailed bug description at https://www.postgresql.org/support/security/CVE-2024-0985/
To Reproduce See above.
Expected behavior Materialized views get executed in the scope of the authenticated user.
Workarounds n/a
Screenshots and Build Links n/a
Additional context The Postgres image shall be updated to a fixed version: