Privilege Escalation in PostgreSQL Affects Multiple Versions
CVE-2024-10978
Key Information:
- Status
- Vendor
- CVE Published: 14 November 2024
What is CVE-2024-10978?
A vulnerability in PostgreSQL arises from incorrect privilege assignments that permit a less-privileged application user to access, view, or alter data that was not intended for them. The issue is particularly significant when applications utilize commands such as SET ROLE or SET SESSION AUTHORIZATION, enabling an attacker to manipulate queries or retrieve information in a manner that circumvents the intended security controls. This vulnerability allows for potential unauthorized modification or exposure of sensitive data when application queries incorporate attacker-controlled parameters or present query results to the attacker. Affected versions include those prior to PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21.

Affected Version(s)
PostgreSQL 17 < 17.1
PostgreSQL 16 < 16.5
PostgreSQL 15 < 15.9
