{"vulnerability": "CVE-2024-10976", "sightings": [{"uuid": "70a5ef6c-aa19-4845-9037-5b2191f5fe46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113481449755283145", "content": "", "creation_timestamp": "2024-11-14T13:05:04.960247Z"}, {"uuid": "292ddc9a-05ad-4dd3-8480-c035a63fda66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://bsky.app/profile/clayton256.bsky.social/post/3lkqh5mjaxg2z", "content": "", "creation_timestamp": "2025-03-19T15:00:12.103761Z"}, {"uuid": "8b924d0a-86f4-4574-8dfc-e8397a6769f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://bsky.app/profile/evansims.com/post/3miyyc7glw62t", "content": "", "creation_timestamp": "2026-04-08T19:04:06.550510Z"}, {"uuid": "f9959a93-6311-4e53-ad4f-09fb81c96122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mizr665myz26", "content": "", "creation_timestamp": "2026-04-09T02:29:14.960501Z"}, {"uuid": "9aa2d077-8db0-4860-b7bf-aa83e1ceb12f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15841", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10976\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.  CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.  They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.  This has the same consequences as the two earlier CVEs.  That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.  This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.  Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.  This affects only databases that have used CREATE POLICY to define a row security policy.  An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\ud83d\udccf Published: 2024-11-14T13:00:01.930Z\n\ud83d\udccf Modified: 2025-05-09T20:03:32.584Z\n\ud83d\udd17 References:\n1. https://www.postgresql.org/support/security/CVE-2024-10976/", "creation_timestamp": "2025-05-09T20:26:17.000000Z"}, {"uuid": "077c14cf-451a-48a9-9da7-b229c8df1501", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "https://t.me/cvedetector/10948", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10976 - PostgreSQL Row Security Policy Reuse Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10976 \nPublished : Nov. 14, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.  CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.  They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.  This has the same consequences as the two earlier CVEs.  That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.  This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.  Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.  This affects only databases that have used CREATE POLICY to define a row security policy.  An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-14T14:59:09.000000Z"}, {"uuid": "a90c55ea-aa9e-453a-8b75-f40fe0f14d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10976", "type": "seen", "source": "Telegram/T7bmhZyyY3q44NdwHtBlh__0uklY8nk4hbekeMxCZg_wv81B", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}]}