usn-6802-1
Vulnerability from osv_ubuntu
Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users.
NOTE: This update will only fix fresh PostgreSQL installations. Current PostgreSQL installations will remain vulnerable to this issue until manual steps are performed. Please see the instructions in the changelog located at /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated packages have been installed, or in the PostgreSQL release notes located here:
https://www.postgresql.org/docs/16/release-16-3.html https://www.postgresql.org/docs/15/release-15-7.html https://www.postgresql.org/docs/14/release-14-12.html
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-4317",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.12-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "postgresql-14",
"purl": "pkg:deb/ubuntu/postgresql-14@14.12-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.12-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.1-1ubuntu1",
"14.2-1",
"14.2-1ubuntu1",
"14.3-0ubuntu0.22.04.1",
"14.4-0ubuntu0.22.04.1",
"14.5-0ubuntu0.22.04.1",
"14.6-0ubuntu0.22.04.1",
"14.7-0ubuntu0.22.04.1",
"14.8-0ubuntu0.22.04.1",
"14.9-0ubuntu0.22.04.1",
"14.10-0ubuntu0.22.04.1",
"14.11-0ubuntu0.22.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-4317",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.3-0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "postgresql-16",
"purl": "pkg:deb/ubuntu/postgresql-16@16.3-0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.3-0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"16.0-2",
"16.1-1",
"16.1-1build1",
"16.1-1build3",
"16.2-1",
"16.2-1ubuntu2",
"16.2-1ubuntu3",
"16.2-1ubuntu4"
]
}
],
"aliases": [],
"details": "Lukas Fittl discovered that PostgreSQL incorrectly performed authorization\nin the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged\ndatabase user can use this issue to read most common values and other\nstatistics from CREATE STATISTICS commands of other users.\n\nNOTE: This update will only fix fresh PostgreSQL installations. Current\nPostgreSQL installations will remain vulnerable to this issue until manual\nsteps are performed. Please see the instructions in the changelog located\nat /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated\npackages have been installed, or in the PostgreSQL release notes located\nhere:\n\nhttps://www.postgresql.org/docs/16/release-16-3.html\nhttps://www.postgresql.org/docs/15/release-15-7.html\nhttps://www.postgresql.org/docs/14/release-14-12.html\n",
"id": "USN-6802-1",
"modified": "2026-04-22T07:37:08Z",
"published": "2024-05-30T11:59:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6802-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-4317"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "postgresql-14, postgresql-15, postgresql-16 vulnerability",
"upstream": [
"UBUNTU-CVE-2024-4317"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.