What is CVE-2024-12744?

CVE-2024-12744 is a high-severity vulnerability in Amazon Redshift Jdbc Driver, classified under SQL Injection. CVSS score: 8.0/10. Published 2024-12-24.

How severe is CVE-2024-12744?

High severity. CVSS v3 base score is 8.0 out of 10.

SQL Injection in Amazon Redshift Jdbc Driver

CVE-2024-12744

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver…

Vulnerability class: SQL Injection

EPSS: 0.008 (73.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Amazon Redshift Jdbc Driver — versions 2.1.0.31

Weakness classification (CWE)

CWE-89 — SQL Injection

References

github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-p… (vendor-advisory)
aws.amazon.com/security/security-bulletins/AWS-2024-015/ (vendor-advisory)
github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32 (patch)

Frequently asked questions

What is CVE-2024-12744?: CVE-2024-12744 is a high-severity vulnerability in Amazon Redshift Jdbc Driver, classified under SQL Injection. CVSS score: 8.0/10. Published 2024-12-24.
How severe is CVE-2024-12744?: High severity. CVSS v3 base score is 8.0 out of 10.