8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-7348

GHSA ID

GHSA-3c6g-7v4g-5xcm

EPSS Score

0.59997%

CWE

CWE-367

Published

8/8/2024

Updated

8/8/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-7348

CVE-2024-7348: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object...

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-7348

GHSA ID

GHSA-3c6g-7v4g-5xcm

EPSS Score

0.59997%

CWE

CWE-367

Published

8/8/2024

Updated

8/8/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Tim*-o*-****k Tim*-o*-us* (TO*TOU) r*** *on*ition in p*_*ump in Post*r*SQL *llows *n o*j**t *r**tor to *x**ut* *r*itr*ry SQL *un*tions *s t** us*r runnin* p*_*ump, w*i** is o*t*n * sup*rus*r. T** *tt**k involv*s r*pl**in* *not**r r*l*tion typ* wit* *

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2024-7348: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object...

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI