CircleCI-Public / cimg-postgres

MIT License
8 stars 25 forks

Bug Report: CVE-2024-0985 PostgreSQL security alert #115

Closed jbauerrfid closed 9 months ago

jbauerrfid commented 9 months ago

Describe the bug: Restricted users can exploit materialized views to increase their permissions. There is a detailed bug description at https://www.postgresql.org/support/security/CVE-2024-0985/

To Reproduce: See above.

Expected behavior: Materialized views get executed in the scope of the authenticated user.

Workarounds: n/a

Screenshots and Build Links: n/a

Additional context: The Postgres image shall be updated to a fixed version:

jbauerrfid commented 9 months ago

This issue has been fixed by https://github.com/CircleCI-Public/cimg-postgres/pull/117

Hence closing this.