What is CVE-2024-0985?

CVE-2024-0985 is a high-severity vulnerability in Postgresql, classified under Privilege Dropping / Lowering Errors. CVSS score: 8.0/10. Published 2024-02-08.

How severe is CVE-2024-0985?

High severity. CVSS v3 base score is 8.0 out of 10.

Is CVE-2024-0985 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Postgresql

CVE-2024-0985

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view…

EPSS: 0.008 (73.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

N/a Postgresql — versions 16, 15, 14

Weakness classification (CWE)

CWE-271 — Privilege Dropping / Lowering Errors

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-0985?: CVE-2024-0985 is a high-severity vulnerability in Postgresql, classified under Privilege Dropping / Lowering Errors. CVSS score: 8.0/10. Published 2024-02-08.
How severe is CVE-2024-0985?: High severity. CVSS v3 base score is 8.0 out of 10.
Is CVE-2024-0985 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.