CVE-2024-49042

Summary

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure Database for PostgreSQL Flexible Server16.4.0 < 16.4affected
MicrosoftAzure Database for PostgreSQL Flexible Server15.8 < 15.8affected
MicrosoftAzure Database for PostgreSQL Flexible Server14.13 < 14.13affected
MicrosoftAzure Database for PostgreSQL Flexible Server13.16 < 13.16affected
MicrosoftAzure Database for PostgreSQL Flexible Server12.20 < 12.20affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References