CVE-2024-1713

7.2 HIGH

📋 TL;DR

This vulnerability in plv8 3.2.1 allows users with database object creation privileges to cause deferred triggers to execute with Superuser privileges during autovacuum processes. It affects PostgreSQL databases that have the plv8 extension installed and in which users can create objects. The vulnerability enables privilege escalation from a regular database user to Superuser.

💻 Affected Systems

Products:
  • plv8 PostgreSQL extension
Versions: plv8 version 3.2.1
Operating Systems: All operating systems running PostgreSQL with plv8
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PostgreSQL database with plv8 extension installed and users with CREATE privilege on databases.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise with Superuser access, allowing data theft, modification, or destruction, and potential lateral movement to other systems.

🟠 Likely Case

Privilege escalation leading to unauthorized data access, modification of database objects, and potential persistence mechanisms.

🟢 If Mitigated

Limited impact if proper access controls restrict object creation to trusted users only.

🌐 Internet-Facing: MEDIUM - Requires database access and object creation privileges, but internet-facing databases with vulnerable configurations could be targeted.
🏢 Internal Only: HIGH - Internal users with database access could exploit this for privilege escalation and data compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database access and object creation privileges. A proof of concept is available in the security advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: plv8 version 3.2.2 or later

Vendor Advisory: https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4

Restart Required: Yes

Instructions:

1. Update plv8 extension to version 3.2.2 or later.
2. Restart PostgreSQL service.
3. Verify the updated version is active.

🔧 Temporary Workarounds

Restrict object creation privileges

all

Limit CREATE privilege on databases to trusted administrators only.

REVOKE CREATE ON DATABASE database_name FROM username;

Disable plv8 extension

all

Remove or disable plv8 extension if not required.

DROP EXTENSION IF EXISTS plv8;

🧯 If You Can't Patch

  • Implement strict access controls to limit object creation to essential administrators only.
  • Monitor database activity for unusual trigger creation or autovacuum-related privilege escalations.
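
A read-only audit that supports the two items above, added here as an example (it is not taken from the vendor advisory or the plv8 project). It assumes you run it as a superuser in each database where plv8 is installed; it uses only standard PostgreSQL system catalogs, and the output column aliases are this example's own.

```sql
-- 1) Non-superuser roles that can create objects in the current database,
--    either via CREATE on the database or via CREATE on a user schema
--    (privileges inherited from PUBLIC or role membership are included).
SELECT r.rolname,
       has_database_privilege(r.oid, current_database(), 'CREATE') AS db_create,
       array_agg(n.nspname ORDER BY n.nspname)
         FILTER (WHERE has_schema_privilege(r.oid, n.oid, 'CREATE'))
         AS schemas_with_create
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
GROUP BY r.oid, r.rolname
HAVING has_database_privilege(r.oid, current_database(), 'CREATE')
    OR bool_or(has_schema_privilege(r.oid, n.oid, 'CREATE'))
ORDER BY r.rolname;

-- 2) User-created deferrable triggers where the table or the trigger
--    function is owned by a non-superuser. Internal triggers (for example
--    those generated for foreign keys) are excluded. Review each row:
--    who created it, when, and whether the application needs it.
SELECT c.oid::regclass      AS table_name,
       t.tgname             AS trigger_name,
       t.tginitdeferred     AS initially_deferred,
       p.oid::regprocedure  AS trigger_function,
       l.lanname            AS function_language,
       tbl_owner.rolname    AS table_owner,
       fn_owner.rolname     AS function_owner
FROM pg_trigger t
JOIN pg_class    c         ON c.oid = t.tgrelid
JOIN pg_proc     p         ON p.oid = t.tgfoid
JOIN pg_language l         ON l.oid = p.prolang
JOIN pg_roles    tbl_owner ON tbl_owner.oid = c.relowner
JOIN pg_roles    fn_owner  ON fn_owner.oid = p.proowner
WHERE t.tgdeferrable
  AND NOT t.tgisinternal
  AND NOT (tbl_owner.rolsuper AND fn_owner.rolsuper)
ORDER BY c.relname, t.tgname;
```

An empty result from the first query means object creation is already limited to superusers in that database; rows from the second are candidates for review, not proof of abuse.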

🔍 How to Verify

Check if Vulnerable:

Check the plv8 version (3.2.1 is the affected version): SELECT * FROM pg_available_extensions WHERE name = 'plv8';

Check Version:

SELECT extversion FROM pg_extension WHERE extname = 'plv8';

Verify Fix Applied:

Verify plv8 version is 3.2.2 or later: SELECT extversion FROM pg_extension WHERE extname = 'plv8';

📡 Detection & Monitoring

Log Indicators:

  • Unusual trigger creation events
  • Autovacuum processes with elevated privileges
  • Failed privilege escalation attempts

Network Indicators:

  • Unusual database connection patterns from non-admin users

SIEM Query:

source="postgresql" AND (event="CREATE TRIGGER" OR event="autovacuum") AND user!="postgres"
