CVE-2024-12744

Sažetak

A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2024-015/
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.1.0.32
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7

CVSS

Base:	8.0
Impact:	5.9
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

14-10-2025 - 19:15

Objavljeno

24-12-2024 - 17:15