CVE-2024-10978

{"id": "CVE-2024-10978", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2024-11-14T13:15:04.217", "references": [{"url": "https://www.postgresql.org/support/security/CVE-2024-10978/", "tags": ["Vendor Advisory"], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."}, {"lang": "es", "value": "La asignaci\u00f3n incorrecta de privilegios en PostgreSQL permite que un usuario de la aplicaci\u00f3n con menos privilegios vea o cambie filas distintas a las previstas. Un ataque requiere que la aplicaci\u00f3n utilice SET ROLE, SET SESSION AUTHORIZATION o una funci\u00f3n equivalente. El problema surge cuando una consulta de la aplicaci\u00f3n utiliza par\u00e1metros del atacante o transmite los resultados de la consulta al atacante. Si esa consulta reacciona a current_setting('role') o al ID de usuario actual, puede modificar o devolver datos como si la sesi\u00f3n no hubiera utilizado SET ROLE o SET SESSION AUTHORIZATION. El atacante no controla qu\u00e9 ID de usuario incorrecto se aplica. El texto de la consulta de fuentes con menos privilegios no es un problema aqu\u00ed, porque SET ROLE y SET SESSION AUTHORIZATION no son entornos aislados para consultas no verificadas. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."}], "lastModified": "2025-02-20T15:41:14.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433D59A0-8811-4DDB-A9F7-D85C62F905CC", "versionEndExcluding": "12.21", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380F8048-FBE5-4606-93A3-915CFD229317", "versionEndExcluding": "13.17", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACF31C7-3B20-4BAE-A596-9C59D67406D8", "versionEndExcluding": "14.14", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF12F1A2-3179-4DAC-B728-038B94954DC7", "versionEndExcluding": "15.9", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353CBD91-FC28-4DA3-B79A-F4F4DC80FA93", "versionEndExcluding": "16.5", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "554F297F-6688-4242-9618-40A3A017D246"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2012E2E6-9A7A-4EA8-AE7C-5CB3486CE9DA"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "354785D4-62F8-49C6-BFE6-D7AFEF7BE28F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B99AA-AEDF-4730-824E-3A09D47B19DE"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C88EECA-C66E-4FCF-BA4A-7581516B2471"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}