CVE-2024-0012

KEV
Palo Alto Networks Cloud NGFW
18 Nov 2024
Published
19 Nov 2024
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
96.61%
  • 5 Posts
  • 12 Interactions

CVE Info

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
MITRE
NVD

Fediverse

Profile picture
dragosr@dragosr

Bad day for VPN routers: Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 auth bypass by HTTP, privesc via command injection. Exploitation enables pre-auth RCE chaining the bypass to inject arbitrary commands in PHP session handling, targeting SSLVPN devices.

Being actively exploited.

labs.watchtowr.com/pots-and-pa

  • 3
  • 5
  • 9 hours ago
Profile picture
Not Simon 🐐@screaminggoat

Unit 42 11/20 update: ⁠Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012

20 November 2024 update regarding Operation Lunar Peek and the zero-day exploitation of CVE-2024-0012 and CVE-2024-9474: Unit 42 updated the Executive Summary, the Current Scope of the Attack section, but most importantly, there are new Indicators of Compromise (IoC).

  • 1
  • 2
  • 3 hours ago
Profile picture
Ravi Nayyar@ravirockks

‘ We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised?’

NIST-defined critical software.
labs.watchtowr.com/pots-and-pa

  • 0
  • 1
  • 9 hours ago
Profile picture
Patch NOW !!@patchnow24x7

Updates on PAN-SA-2024-0015: The blog has been updated with the following latest information provided by Palo Alto.

1) CVE-2024-0012 has been assigned
2) Indicators of Compromise has been updated.
3) Added a section "What if I found one of the IOCs in my Organization's environment??"
4) Affected Products and Product versions has been updated
5) Fixed versions has been updated.

Refer: patchnow24x7.com/blog-1/f/pan-










  • 0
  • 0
  • 20 hours ago
Profile picture
☑️ sᴉɹɥɔ@chris

r u freakin' kidding me? "X-PAN-AUTHCHECK: off" - seriously?!

labs.watchtowr.com/pots-and-pa

  • 0
  • 0
  • 20 hours ago

CVE-2024-9474

KEV
Palo Alto Networks Cloud NGFW
18 Nov 2024
Published
19 Nov 2024
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
97.40%
  • 4 Posts
  • 12 Interactions

CVE Info

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
MITRE
NVD

Fediverse

Profile picture
dragosr@dragosr

Bad day for VPN routers: Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 auth bypass by HTTP, privesc via command injection. Exploitation enables pre-auth RCE chaining the bypass to inject arbitrary commands in PHP session handling, targeting SSLVPN devices.

Being actively exploited.

labs.watchtowr.com/pots-and-pa

  • 3
  • 5
  • 9 hours ago
Profile picture
Not Simon 🐐@screaminggoat

Unit 42 11/20 update: ⁠Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012

20 November 2024 update regarding Operation Lunar Peek and the zero-day exploitation of CVE-2024-0012 and CVE-2024-9474: Unit 42 updated the Executive Summary, the Current Scope of the Attack section, but most importantly, there are new Indicators of Compromise (IoC).

  • 1
  • 2
  • 3 hours ago
Profile picture
Ravi Nayyar@ravirockks

‘ We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised?’

NIST-defined critical software.
labs.watchtowr.com/pots-and-pa

  • 0
  • 1
  • 9 hours ago
Profile picture
☑️ sᴉɹɥɔ@chris

r u freakin' kidding me? "X-PAN-AUTHCHECK: off" - seriously?!

labs.watchtowr.com/pots-and-pa

  • 0
  • 0
  • 20 hours ago

CVE-2024-38812

KEV
VMware vCenter Server
17 Sept 2024
Published
20 Nov 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%
  • 2 Posts
  • 10 Interactions

CVE Info

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
MITRE
NVD

Fediverse

Profile picture
Patch NOW !!@patchnow24x7

Update on CVE-2024-38812: VMware vCenter Server Heap-Based Buffer Overflow Vulnerability-- CISA has added CVE-2024-38812 to its 'Known Exploited vulnerabilities catalog'. IF YOU HAVEN'T PATCHED IT YET, PATCH IT NOW!!

Link: cisa.gov/known-exploited-vulne









  • 1
  • 0
  • 2 hours ago
Profile picture
Not Simon 🐐@screaminggoat

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
  • CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability

  • 4
  • 5
  • 13 hours ago

CVE-2024-10979

PostgreSQL
14 Nov 2024
Published
21 Nov 2024
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
  • 2 Posts
  • 1 Interaction

CVE Info

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
MITRE
NVD

Fediverse

Profile picture
Ringzer0@ringzer0

Reproducing CVE-2024-10979: A Step-by-Step Guide: redrays.io/blog/reproducing-cv

  • 0
  • 0
  • 4 hours ago
Profile picture
buherator@buherator
[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 21 hours ago

CVE-2024-52940

Pending
18 Nov 2024
Published
18 Nov 2024
Updated
CVSS
Pending
EPSS
0.04%
  • 1 Post
  • 2 Interactions

CVE Info

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.
MITRE
NVD

Fediverse

Profile picture
Günter Born@gborn

Schwachstelle bei AnyDesk

borncity.com/blog/2024/11/19/a

  • 1
  • 1
  • 11 hours ago

CVE-2024-26229

Microsoft Windows 10 Version 1809
09 Apr 2024
Published
09 Oct 2024
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.04%
  • 1 Post
  • 2 Interactions

CVE Info

Windows CSC Service Elevation of Privilege Vulnerability
MITRE
NVD

Fediverse

Profile picture
🌱 Ligniform :donor:​@ligniform

@cR0w This is from a client lol, AlienVault is flagging 127.0.0.0/8 connections as cve-2024-26229 IOCs 🙄

  • 0
  • 2
  • 9 hours ago

CVE-2024-10224

Module::ScanDeps
19 Nov 2024
Published
19 Nov 2024
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.05%
  • 1 Post
  • 1 Interaction

CVE Info

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
MITRE
NVD

Fediverse

Profile picture
Seth Hanford 🐡@ckure

It has been 0 days since I've had to tap the sign:
infosec.exchange/@ckure/111970

"CVE-2024-10224: local attackers can execute arbitrary shell commands as root by tricking needrestart into open()ing a filename of the form "commands|" (technically, this vulnerability is in Perl's ScanDeps module, but it is unclear whether this module was ever meant to operate on attacker-controlled files or not)."

qualys.com/2024/11/19/needrest

  • 0
  • 1
  • 8 hours ago

CVE-2024-35250

Microsoft Windows 10 Version 1809
11 Jun 2024
Published
15 Oct 2024
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.04%
  • 1 Post

CVE Info

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
MITRE
NVD

Fediverse

Profile picture
Dark Web Informer :verified_paw: :verified_dragon:@DarkWebInformer

🚨CVE-2024-35250 PoC for the Untrusted Pointer Dereference in the ks.sys driver

darkwebinformer.com/cve-2024-3

  • 0
  • 0
  • 12 hours ago

CVE-2024-9143

OpenSSL
16 Oct 2024
Published
08 Nov 2024
Updated
CVSS
Pending
EPSS
0.04%
  • 1 Post

CVE Info

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
MITRE
NVD

Fediverse

Profile picture
Jonathan Metzman@metzman

We published more details about our LLM-based fuzz target generator, which found CVE-2024-9143 in OpenSSL
security.googleblog.com/2024/1

  • 0
  • 0
  • 5 hours ago

CVE-2024-1212

KEV
Progress Software LoadMaster
21 Feb 2024
Published
19 Nov 2024
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
91.88%
  • 1 Post
  • 1 Interaction

CVE Info

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
MITRE
NVD

Fediverse

Profile picture
Sam Stepanyan :verified: 🐘@securestep9

Progress Kemp contains an OS Command that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution (CVE-2024-1212):
thehackernews.com/2024/11/cisa

  • 0
  • 1
  • 19 hours ago

CVE-2024-23113

KEV
Fortinet FortiSwitchManager
15 Feb 2024
Published
10 Oct 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
1.84%
  • 1 Post

CVE Info

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
MITRE
NVD

Fediverse

Profile picture
maschmi@inw

What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec

labs.watchtowr.com/hop-skip-fo

  • 0
  • 0
  • 12 hours ago

CVE-2024-47575

KEV
Fortinet FortiManager
23 Oct 2024
Published
07 Nov 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
5.18%
  • 1 Post

CVE Info

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
MITRE
NVD

Fediverse

Profile picture
maschmi@inw

What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec

labs.watchtowr.com/hop-skip-fo

  • 0
  • 0
  • 12 hours ago

CVE-2024-21287

Oracle Corporation Agile PLM Framework
18 Nov 2024
Published
19 Nov 2024
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.09%
  • 1 Post

CVE Info

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
MITRE
NVD

Fediverse

Profile picture
Jeff Hall - PCIGuru :verified:@jbhall56

Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. securityweek.com/oracle-patche

  • 0
  • 0
  • 15 hours ago

CVE-2024-38813

KEV
VMware vCenter Server
17 Sept 2024
Published
20 Nov 2024
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.09%
  • 1 Post
  • 9 Interactions

CVE Info

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
MITRE
NVD

Fediverse

Profile picture
Not Simon 🐐@screaminggoat

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
  • CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability

  • 4
  • 5
  • 13 hours ago

CVE-2024-44309

Apple Safari
19 Nov 2024
Published
19 Nov 2024
Updated
CVSS
Pending
EPSS
0.04%
  • 1 Post
  • 3 Interactions

CVE Info

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
MITRE
NVD

Fediverse

Profile picture
apfeltalk :verified:@apfeltalk

iOS 18.1.1 und macOS Sequoia 15.1.1 schließen aktiv ausgenutzte Sicherheitslücken
Apple hat mit den neuen Updates iOS 18.1.1 und macOS Sequoia 15.1.1 bedeutende Sicherheitslücken geschlossen, die Beric
apfeltalk.de/magazin/feature/i
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit

  • 1
  • 2
  • 21 hours ago

CVE-2024-44308

Apple Safari
19 Nov 2024
Published
20 Nov 2024
Updated
CVSS
Pending
EPSS
0.04%
  • 1 Post
  • 3 Interactions

CVE Info

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
MITRE
NVD

Fediverse

Profile picture
apfeltalk :verified:@apfeltalk

iOS 18.1.1 und macOS Sequoia 15.1.1 schließen aktiv ausgenutzte Sicherheitslücken
Apple hat mit den neuen Updates iOS 18.1.1 und macOS Sequoia 15.1.1 bedeutende Sicherheitslücken geschlossen, die Beric
apfeltalk.de/magazin/feature/i
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit

  • 1
  • 2
  • 21 hours ago

CVE-2024-20767

Adobe ColdFusion
18 Mar 2024
Published
13 Sept 2024
Updated
CVSS v3.1
HIGH (8.2)
EPSS
11.07%
  • 1 Post

CVE Info

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
MITRE
NVD

Fediverse

Profile picture
buherator@buherator
[RSS] Remediation for CVE-2024-20767 (ColdFusion) and CVE-2024-21216 (WebLogic) Potential Exploitable Bugs

https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
  • 0
  • 0
  • 19 hours ago

CVE-2024-21216

Oracle Corporation WebLogic Server
15 Oct 2024
Published
17 Oct 2024
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.15%
  • 1 Post

CVE Info

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
MITRE
NVD

Fediverse

Profile picture
buherator@buherator
[RSS] Remediation for CVE-2024-20767 (ColdFusion) and CVE-2024-21216 (WebLogic) Potential Exploitable Bugs

https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
  • 0
  • 0
  • 19 hours ago

CVE-2024-10977

PostgreSQL
14 Nov 2024
Published
14 Nov 2024
Updated
CVSS v3.1
LOW (3.1)
EPSS
0.04%
  • 1 Post
  • 1 Interaction

CVE Info

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
MITRE
NVD

Fediverse

Profile picture
buherator@buherator
[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 21 hours ago

CVE-2024-10976

PostgreSQL
14 Nov 2024
Published
14 Nov 2024
Updated
CVSS v3.1
MEDIUM (4.2)
EPSS
0.04%
  • 1 Post
  • 1 Interaction

CVE Info

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
MITRE
NVD

Fediverse

Profile picture
buherator@buherator
[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 21 hours ago

CVE-2024-10978

PostgreSQL
14 Nov 2024
Published
18 Nov 2024
Updated
CVSS v3.1
MEDIUM (4.2)
EPSS
0.04%
  • 1 Post
  • 1 Interaction

CVE Info

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
MITRE
NVD

Fediverse

Profile picture
buherator@buherator
[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 21 hours ago