CVE-2024-12744

CVSS V2 None CVSS V3 None
Description
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30.
Overview
  • CVE ID
  • CVE-2024-12744
  • Assigner
  • AMZN
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-24T16:12:51.304Z
  • Last Modified Date
  • 2024-12-25T02:43:34.838Z
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
References
Reference URL Reference Tags
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-8596-2jgr-ppj7 vendor-advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-12744
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12744
History
Created Old Value New Value Data Type Notes
2024-12-25 13:11:43 Added to TrackCVE