csaf_certbund - wid-sec-w-2024-3475

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PostgreSQL ist eine frei verf\u00fcgbare Datenbank f\u00fcr unterschiedliche Betriebssysteme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in PostgreSQL ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren oder vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3475 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3475.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3475 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3475"
      },
      {
        "category": "external",
        "summary": "PostgreSQL Release Notes vom 2024-11-14",
        "url": "https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/"
      },
      {
        "category": "external",
        "summary": "PostgreSQL Security Advisory vom 2024-11-14",
        "url": "https://www.postgresql.org/support/security/CVE-2024-10976/"
      },
      {
        "category": "external",
        "summary": "PostgreSQL Security Advisory vom 2024-11-14",
        "url": "https://www.postgresql.org/support/security/CVE-2024-10977/"
      },
      {
        "category": "external",
        "summary": "PostgreSQL Security Advisory vom 2024-11-14",
        "url": "https://www.postgresql.org/support/security/CVE-2024-10978/"
      },
      {
        "category": "external",
        "summary": "PostgreSQL Security Advisory vom 2024-11-14",
        "url": "https://www.postgresql.org/support/security/CVE-2024-10979/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5812 vom 2024-11-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00226.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14502-1 vom 2024-11-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AKWDFN2C7BDHNEIL7UAMUE2QLH322LIK/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14505-1 vom 2024-11-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RB4KENPNXIDYL7D4OSLN7SICCC2ASXXP/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3954 vom 2024-11-16",
        "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4052-1 vom 2024-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019843.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4063-1 vom 2024-11-26",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NM7DG2QZKFAKH2TVO6LI5MFXR43ZC4RC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4098-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019869.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4097-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019870.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4096-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019871.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4095-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019872.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4099-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019868.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4118-1 vom 2024-11-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VBMMHVAJJCAP52ZFWBGECD6A3RO5GMX4/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10593 vom 2024-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:10593"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4114-1 vom 2024-11-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019874.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10595 vom 2024-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:10595"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10705 vom 2024-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:10705"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7132-1 vom 2024-12-02",
        "url": "https://ubuntu.com/security/notices/USN-7132-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10677 vom 2024-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:10677"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10739 vom 2024-12-03",
        "url": "https://access.redhat.com/errata/RHSA-2024:10739"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10788 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10788"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10787 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10787"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10785 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10785"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10750 vom 2024-12-03",
        "url": "https://access.redhat.com/errata/RHSA-2024:10750"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10789 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10789"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10800 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10800"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10827 vom 2024-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:10827"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10807 vom 2024-12-04",
        "url": "https://access.redhat.com/errata/RHSA-2024:10807"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4175-1 vom 2024-12-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LS2XLEBNB7SJ2N2QEBUANUTS7ORDE6SO/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10831 vom 2024-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:10831"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4174-1 vom 2024-12-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L5U7GLD2GHOAYD54LYIGZYYVWQYGYFRX/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4176-1 vom 2024-12-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DALTZPSAABBADG7HF56AU5UPFJAHAARO/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10832 vom 2024-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:10832"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4173-1 vom 2024-12-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5WIRX4CKTVOW2ASMEMI4CQRBL6C6VQJS/"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2024:10791"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:10830 vom 2024-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:10830"
      }
    ],
    "source_lang": "en-US",
    "title": "PostgreSQL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-05T10:11:11.921+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3475",
      "initial_release_date": "2024-11-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-17T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian und openSUSE aufgenommen"
        },
        {
          "date": "2024-11-25T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-26T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-01T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-12-02T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-04T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.1",
                "product": {
                  "name": "Open Source PostgreSQL \u003c17.1",
                  "product_id": "T039193"
                }
              },
              {
                "category": "product_version",
                "name": "17.1",
                "product": {
                  "name": "Open Source PostgreSQL 17.1",
                  "product_id": "T039193-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:17.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.5",
                "product": {
                  "name": "Open Source PostgreSQL \u003c16.5",
                  "product_id": "T039194"
                }
              },
              {
                "category": "product_version",
                "name": "16.5",
                "product": {
                  "name": "Open Source PostgreSQL 16.5",
                  "product_id": "T039194-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:16.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.9",
                "product": {
                  "name": "Open Source PostgreSQL \u003c15.9",
                  "product_id": "T039195"
                }
              },
              {
                "category": "product_version",
                "name": "15.9",
                "product": {
                  "name": "Open Source PostgreSQL 15.9",
                  "product_id": "T039195-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:15.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.14",
                "product": {
                  "name": "Open Source PostgreSQL \u003c14.14",
                  "product_id": "T039196"
                }
              },
              {
                "category": "product_version",
                "name": "14.14",
                "product": {
                  "name": "Open Source PostgreSQL 14.14",
                  "product_id": "T039196-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:14.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.17",
                "product": {
                  "name": "Open Source PostgreSQL \u003c13.17",
                  "product_id": "T039197"
                }
              },
              {
                "category": "product_version",
                "name": "13.17",
                "product": {
                  "name": "Open Source PostgreSQL 13.17",
                  "product_id": "T039197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:13.17"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.21",
                "product": {
                  "name": "Open Source PostgreSQL \u003c12.21",
                  "product_id": "T039198"
                }
              },
              {
                "category": "product_version",
                "name": "12.21",
                "product": {
                  "name": "Open Source PostgreSQL 12.21",
                  "product_id": "T039198-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:postgresql:postgresql:12.21"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PostgreSQL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "T034267",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10976",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PostgreSQL. Dieser Fehler existiert wegen der unvollst\u00e4ndigen Verfolgung von Tabellen mit Sicherheit auf Zeilenebene in der Abfrageplanungskomponente, was die Anwendung falscher Zeilensicherheitsrichtlinien erm\u00f6glicht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um andere als die beabsichtigten Zeilen anzuzeigen oder zu \u00e4ndern, wodurch m\u00f6glicherweise rollenspezifische Richtlinien umgangen werden k\u00f6nnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039197",
          "T039196",
          "T039198",
          "2951",
          "T002207",
          "T039193",
          "67646",
          "T000126",
          "T039195",
          "T039194",
          "T027843",
          "T034267"
        ]
      },
      "release_date": "2024-11-14T23:00:00.000+00:00",
      "title": "CVE-2024-10976"
    },
    {
      "cve": "CVE-2024-10977",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PostgreSQL. Dieser Fehler existiert wegen der unsachgem\u00e4\u00dfen Behandlung von Server-Fehlermeldungen in der libpq-Clientkomponente, wodurch beliebige Nicht-NUL-Bytes verarbeitet werden k\u00f6nnen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er manipulierte Fehlermeldungen sendet, die einen Benutzer oder ein automatisiertes Werkzeug dazu verleiten k\u00f6nnten, die Meldung als g\u00fcltige Abfrageergebnisse zu interpretieren. Zur erfolgreichen Ausnutzung ist eine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039197",
          "T039196",
          "T039198",
          "2951",
          "T002207",
          "T039193",
          "67646",
          "T000126",
          "T039195",
          "T039194",
          "T027843",
          "T034267"
        ]
      },
      "release_date": "2024-11-14T23:00:00.000+00:00",
      "title": "CVE-2024-10977"
    },
    {
      "cve": "CVE-2024-10978",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PostgreSQL. Dieser Fehler existiert wegen einer fehlerhaften Rechtevergabe in der Rollenverwaltungskomponente, die einen nicht autorisierten Zugriff auf Daten erm\u00f6glicht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, indem er SET ROLE, SET SESSION AUTHORIZATION oder \u00e4hnliche Funktionen ausnutzt, um andere als die beabsichtigten Zeilen anzuzeigen oder zu \u00e4ndern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039197",
          "T039196",
          "T039198",
          "2951",
          "T002207",
          "T039193",
          "67646",
          "T000126",
          "T039195",
          "T039194",
          "T027843",
          "T034267"
        ]
      },
      "release_date": "2024-11-14T23:00:00.000+00:00",
      "title": "CVE-2024-10978"
    },
    {
      "cve": "CVE-2024-10979",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in PostgreSQL. Dieser Fehler existiert wegen einer inkorrekten Kontrolle von Umgebungsvariablen in der PL/Perl Komponente, die unautorisierte \u00c4nderungen an sensiblen Prozessumgebungsvariablen (z.B. PATH) erlaubt. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um die Ausf\u00fchrung von beliebigem Code zu erm\u00f6glichen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039197",
          "T039196",
          "T039198",
          "2951",
          "T002207",
          "T039193",
          "67646",
          "T000126",
          "T039195",
          "T039194",
          "T027843",
          "T034267"
        ]
      },
      "release_date": "2024-11-14T23:00:00.000+00:00",
      "title": "CVE-2024-10979"
    }
  ]
}

cve-2024-10976

Vulnerability from cvelistv5

Published

2024-11-14 13:00

Modified

2024-11-14 19:32

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

PostgreSQL row security below e.g. subqueries disregards user ID changes

References

▼	URL	Tags
	https://www.postgresql.org/support/security/CVE-2024-10976/

Impacted products

Vendor

Product

Version

▼

Version: 17   < 17.1
Version: 16   < 16.5
Version: 15   < 15.9
Version: 14   < 14.14
Version: 13   < 13.17
Version: 0   < 12.21

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T18:53:41.183245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T19:32:17.213Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.5",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.9",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.14",
              "status": "affected",
              "version": "14",
              "versionType": "rpm"
            },
            {
              "lessThan": "13.17",
              "status": "affected",
              "version": "13",
              "versionType": "rpm"
            },
            {
              "lessThan": "12.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "application uses row security policies that react to the current role, and one database session reaches the same query via multiple roles"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Wolfgang Walther for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.  CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.  They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.  This has the same consequences as the two earlier CVEs.  That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.  This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.  Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.  This affects only databases that have used CREATE POLICY to define a row security policy.  An attacker must tailor an attack to a particular application\u0027s pattern of query plan reuse, user ID changes, and role-specific row security policies.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1250",
              "description": "Improper Preservation of Consistency Between Independent Representations of Shared State",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T13:00:01.930Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2024-10976/"
        }
      ],
      "title": "PostgreSQL row security below e.g. subqueries disregards user ID changes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2024-10976",
    "datePublished": "2024-11-14T13:00:01.930Z",
    "dateReserved": "2024-11-07T19:27:02.623Z",
    "dateUpdated": "2024-11-14T19:32:17.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10978

Vulnerability from cvelistv5

Published

2024-11-14 13:00

Modified

2024-11-21 22:02

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

References

▼	URL	Tags
	https://www.postgresql.org/support/security/CVE-2024-10978/

Impacted products

Vendor

Product

Version

▼

Version: 17   < 17.1
Version: 16   < 16.5
Version: 15   < 15.9
Version: 14   < 14.14
Version: 13   < 13.17
Version: 0   < 12.21

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T18:53:38.409914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T19:29:16.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-21T22:02:44.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.5",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.9",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.14",
              "status": "affected",
              "version": "14",
              "versionType": "rpm"
            },
            {
              "lessThan": "13.17",
              "status": "affected",
              "version": "13",
              "versionType": "rpm"
            },
            {
              "lessThan": "12.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Tom Lane for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.  An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.  The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.  If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.  The attacker does not control which incorrect user ID applies.  Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T13:00:07.398Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2024-10978/"
        }
      ],
      "title": "PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2024-10978",
    "datePublished": "2024-11-14T13:00:07.398Z",
    "dateReserved": "2024-11-07T19:27:03.860Z",
    "dateUpdated": "2024-11-21T22:02:44.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10979

Vulnerability from cvelistv5

Published

2024-11-14 13:00

Modified

2024-11-25 04:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

PostgreSQL PL/Perl environment variable changes execute arbitrary code

References

▼	URL	Tags
	https://www.postgresql.org/support/security/CVE-2024-10979/

Impacted products

Vendor

Product

Version

▼

Version: 17   < 17.1
Version: 16   < 16.5
Version: 15   < 15.9
Version: 14   < 14.14
Version: 13   < 13.17
Version: 0   < 12.21

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "postgresql",
            "vendor": "postgresql",
            "versions": [
              {
                "lessThan": "12.21",
                "status": "affected",
                "version": "0",
                "versionType": "rpm"
              },
              {
                "lessThan": "13.17",
                "status": "affected",
                "version": "13",
                "versionType": "rpm"
              },
              {
                "lessThan": "14.14",
                "status": "affected",
                "version": "14",
                "versionType": "rpm"
              },
              {
                "lessThan": "15.9",
                "status": "affected",
                "version": "15",
                "versionType": "rpm"
              },
              {
                "lessThan": "16.5",
                "status": "affected",
                "version": "16",
                "versionType": "rpm"
              },
              {
                "lessThan": "17.1",
                "status": "affected",
                "version": "17",
                "versionType": "rpm"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T04:55:16.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-25T04:40:58.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.1",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.5",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.9",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.14",
              "status": "affected",
              "version": "14",
              "versionType": "rpm"
            },
            {
              "lessThan": "13.17",
              "status": "affected",
              "version": "13",
              "versionType": "rpm"
            },
            {
              "lessThan": "12.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "administrator has installed PL/Perl"
        },
        {
          "lang": "en",
          "value": "attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema)"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Coby Abrams for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH).  That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-15",
              "description": "External Control of System or Configuration Setting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T13:00:08.586Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2024-10979/"
        }
      ],
      "title": "PostgreSQL PL/Perl environment variable changes execute arbitrary code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2024-10979",
    "datePublished": "2024-11-14T13:00:08.586Z",
    "dateReserved": "2024-11-07T19:27:04.476Z",
    "dateUpdated": "2024-11-25T04:40:58.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10977

Vulnerability from cvelistv5

Published

2024-11-14 13:00

Modified

2024-11-14 19:31

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

PostgreSQL libpq retains an error message from man-in-the-middle

References

▼	URL	Tags
	https://www.postgresql.org/support/security/CVE-2024-10977/

Impacted products

Vendor

Product

Version

▼

Version: 17   < 17.1
Version: 16   < 16.5
Version: 15   < 15.9
Version: 14   < 14.14
Version: 13   < 13.17
Version: 0   < 12.21

Show details on NVD website