Bug 2326251 (CVE-2024-10978) - CVE-2024-10978 postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Summary: CVE-2024-10978 postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION res...
Keywords:
Status: NEW
Alias: CVE-2024-10978
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2326462 2326463 2326464 2326456 2326457 2326458 2326459 2326460 2326461
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-14 14:01 UTC by OSIDB Bzimport
Modified: 2025-04-06 18:57 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:10805 0 None None None 2024-12-04 20:18:07 UTC
Red Hat Product Errata RHBA-2024:11014 0 None None None 2024-12-12 19:00:37 UTC
Red Hat Product Errata RHSA-2024:10785 0 None None None 2024-12-04 08:43:38 UTC
Red Hat Product Errata RHSA-2024:10787 0 None None None 2024-12-04 09:20:30 UTC
Red Hat Product Errata RHSA-2024:10788 0 None None None 2024-12-04 09:19:51 UTC
Red Hat Product Errata RHSA-2024:10791 0 None None None 2024-12-04 15:35:47 UTC
Red Hat Product Errata RHSA-2024:10830 0 None None None 2024-12-05 09:08:19 UTC
Red Hat Product Errata RHSA-2024:10831 0 None None None 2024-12-05 09:08:37 UTC
Red Hat Product Errata RHSA-2024:10832 0 None None None 2024-12-05 09:08:30 UTC

Description OSIDB Bzimport 2024-11-14 14:01:29 UTC 
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended.  An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature.  The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker.  If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION.  The attacker does not control which incorrect user ID applies.  Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Comment 2 errata-xmlrpc 2024-12-04 08:43:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10785 https://access.redhat.com/errata/RHSA-2024:10785
Comment 3 errata-xmlrpc 2024-12-04 09:19:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10788 https://access.redhat.com/errata/RHSA-2024:10788
Comment 4 errata-xmlrpc 2024-12-04 09:20:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10787 https://access.redhat.com/errata/RHSA-2024:10787
Comment 5 errata-xmlrpc 2024-12-04 15:35:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10791 https://access.redhat.com/errata/RHSA-2024:10791
Comment 6 errata-xmlrpc 2024-12-05 09:08:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10830 https://access.redhat.com/errata/RHSA-2024:10830
Comment 7 errata-xmlrpc 2024-12-05 09:08:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10832 https://access.redhat.com/errata/RHSA-2024:10832
Comment 8 errata-xmlrpc 2024-12-05 09:08:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10831 https://access.redhat.com/errata/RHSA-2024:10831
Note You need to log in before you can comment on or make changes to this bug.