CVE-2024-10976

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-10976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10976
Aliases
Related
Published
2024-11-14T13:15:03Z
Modified
2024-12-05T15:36:13.809044Z
Summary
[none]
Details

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

References

Affected packages

Alpine:v3.17 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.14-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.8-r0
14.9-r0
14.10-r0
14.11-r0
14.12-r0
14.13-r0

Alpine:v3.17 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.2-r0
15.3-r0
15.4-r0
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.18 / postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.14-r0

Affected versions

8.*

8.3.5-r0
8.3.7-r0
8.3.7-r1
8.3.7-r2
8.3.7-r3
8.4.0-r0
8.4.0-r1
8.4.0-r2
8.4.1-r0
8.4.1-r1
8.4.2-r0
8.4.2-r1
8.4.3-r0
8.4.3-r1
8.4.3-r2
8.4.3-r3
8.4.4-r0

9.*

9.0.1-r0
9.0.2-r0
9.0.3-r0
9.0.3-r1
9.0.4-r0
9.1.0-r0
9.1.0-r1
9.1.1-r0
9.1.1-r1
9.1.1-r2
9.1.2-r0
9.1.2-r1
9.1.2-r2
9.1.3-r0
9.1.4-r0
9.1.5-r0
9.2.0-r0
9.2.0-r1
9.2.1-r0
9.2.1-r1
9.2.1-r2
9.2.2-r0
9.2.3-r0
9.2.4-r0
9.3.0-r0
9.3.0-r1
9.3.0-r2
9.3.1-r0
9.3.2-r0
9.3.3-r0
9.3.3-r1
9.3.3-r2
9.3.4-r0
9.3.4-r1
9.3.5-r0
9.3.5-r1
9.4.0-r0
9.4.1-r0
9.4.1-r1
9.4.1-r2
9.4.1-r3
9.4.2-r0
9.4.3-r0
9.4.4-r0
9.4.5-r0
9.4.5-r1
9.5.0-r0
9.5.1-r0
9.5.2-r0
9.5.2-r1
9.5.2-r2
9.5.2-r3
9.5.2-r4
9.5.3-r0
9.5.3-r1
9.5.4-r0
9.6.0-r0
9.6.0-r1
9.6.1-r0
9.6.1-r1
9.6.2-r0
9.6.2-r1
9.6.2-r2
9.6.2-r3
9.6.2-r4
9.6.3-r0
9.6.4-r0
9.6.4-r1
9.6.5-r0
9.6.5-r1

10.*

10.0-r0
10.0-r1
10.1-r0
10.1-r1
10.1-r2
10.2-r0
10.3-r0
10.3-r1
10.4-r0
10.5-r0

11.*

11.0-r0
11.0-r1
11.1-r0
11.2-r0
11.2-r1
11.3-r0
11.3-r1
11.3-r2
11.4-r0
11.4-r1
11.5-r0
11.5-r1
11.5-r2

12.*

12.0-r0
12.0-r1
12.1-r0
12.1-r1
12.1-r2
12.2-r0
12.2-r1
12.2-r2
12.2-r3
12.3-r0
12.3-r1
12.3-r2
12.4-r0
12.4-r1
12.5-r0
12.5-r1

13.*

13.1-r0
13.1-r1
13.1-r2
13.2-r0
13.2-r1
13.2-r2
13.2-r3
13.2-r4
13.3-r0
13.3-r1
13.4-r0
13.4-r1
13.4-r2

14.*

14.0-r0
14.0-r2
14.0-r3
14.0-r4
14.0-r5
14.0-r6
14.1-r0
14.1-r1
14.1-r2
14.1-r3
14.1-r4
14.1-r5
14.1-r6
14.1-r7
14.2-r0
14.2-r1
14.2-r2
14.2-r3
14.3-r0
14.3-r1
14.4-r0
14.4-r1
14.4-r2
14.5-r0
14.5-r1
14.5-r2
14.5-r3
14.6-r0
14.6-r1
14.7-r0
14.7-r1
14.7-r2
14.7-r3
14.7-r4
14.8-r0
14.9-r0
14.10-r0
14.11-r0
14.12-r0
14.13-r0

Alpine:v3.18 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.4-r0
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.19 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0
15.6-r0
15.7-r0
15.8-r0

Alpine:v3.19 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.3-r0
16.4-r0

Alpine:v3.20 / postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-r0

Affected versions

15.*

15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0
15.6-r0
15.6-r1
15.6-r2
15.7-r0
15.8-r0

Alpine:v3.20 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.4-r0

Alpine:v3.21 / postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.5-r0

Affected versions

16.*

16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.3-r1
16.4-r0
16.4-r1

Alpine:v3.21 / postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.1-r0

Affected versions

17.*

17.0-r0
17.0-r1

Debian:11 / postgresql-13

Package

Name
postgresql-13
Purl
pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.17-0+deb11u1

Affected versions

13.*

13.3-1
13.4-0+deb11u1
13.4-1
13.4-2
13.4-3
13.5-0+deb11u1
13.7-0+deb11u1
13.8-0+deb11u1
13.9-0+deb11u1
13.10-0+deb11u1
13.11-0+deb11u1
13.12-0+deb11u1
13.13-0+deb11u1
13.14-0+deb11u1
13.15-0+deb11u1
13.16-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-15

Package

Name
postgresql-15
Purl
pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.9-0+deb12u1

Affected versions

15.*

15.3-0+deb12u1
15.3-1
15.4-0+deb12u1
15.4-1
15.4-2
15.4-3
15.5-0+deb12u1
15.6-0+deb12u1
15.7-0+deb12u1
15.8-0+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/debian/postgresql-16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

16~beta1-1
16~beta1-2
16~beta2-1
16~beta3-1
16~rc1-1
16~rc1-2

16.*

16.0-2
16.1-1
16.2-1
16.2-2
16.3-1
16.4-1
16.4-2
16.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/debian/postgresql-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.1-1

Affected versions

Other

17~~devel20240509-1
17~beta1-1
17~beta2-1
17~beta3-1
17~rc1-1

17.*

17.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}