CVE-2024-58367

N/A Unknown
Published: July 18, 2026 Modified: July 18, 2026
View on NVD

Description

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function arguments, WHERE clause filtering, RETURN BEFORE clauses, and SET clause references to leak protected field contents despite lacking SELECT permissions.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)