CVE-2024-10976

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified)

Description: The issue is related to an inconsistency in the row security policy of PostgreSQL, allowing an attacker to potentially execute arbitrary commands by reusing a query in multiple SET ROLE operations. This problem can cause reused queries to access or change the wrong rows, leading to unauthorized data access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-264CWE-1250CWE-348CWE-15

Related Identifiers

ALSA-2024:10785

ALSA-2024:10787

ALSA-2024:10788

ALSA-2024:10791

ALSA-2024:10830

ALSA-2024:10831

ALSA-2024:10832

ALT-PU-2024-15897

ALT-PU-2024-15899

ALT-PU-2024-15900

ALT-PU-2024-15901

ALT-PU-2024-15902

ALT-PU-2024-15905

ALT-PU-2024-15907

ALT-PU-2024-16008

ALT-PU-2024-16010

ALT-PU-2024-16011

ALT-PU-2024-16012

ALT-PU-2024-16013

ALT-PU-2024-16159

ALT-PU-2024-16161

ALT-PU-2024-16162

ALT-PU-2024-16163

ALT-PU-2024-16164

ALT-PU-2024-16165

ALT-PU-2024-16336

ALT-PU-2024-16338

ALT-PU-2024-17039

ALT-PU-2024-17041

ALT-PU-2024-17042

ALT-PU-2024-17043

ALT-PU-2024-17044

AZL-53201

AZL-53215

BDU:2024-09679

BDU:2024-09681

BDU:2024-09682

BDU:2024-09684

BIT-POSTGRESQL-2024-10976

CESA-2024_10785

CESA-2024_10830

CESA-2024_10831

CESA-2024_10832

CVE-2024-10976

DLA-3954-1

DSA-5812-1

DSA-5812-2

ECHO-AD9B-90EA-D778

INFSA-2024_10785

INFSA-2024_10787

INFSA-2024_10788

INFSA-2024_10791

INFSA-2024_10830

INFSA-2024_10831

INFSA-2024_10832

JLSEC-2026-47

MGASA-2024-0372

OESA-2024-2427

OESA-2024-2428

OESA-2024-2429

OESA-2024-2430

OESA-2024-2466

OESA-2024-2467

OESA-2024-2468

OESA-2024-2469

OESA-2025-1335

OPENSUSE-SU-2024:14501-1

OPENSUSE-SU-2024:14502-1

OPENSUSE-SU-2024:14503-1

OPENSUSE-SU-2024:14504-1

OPENSUSE-SU-2024:14505-1

OPENSUSE-SU-2024:14506-1

OPENSUSE-SU-2024_4063-1

OPENSUSE-SU-2024_4098-1

OPENSUSE-SU-2024_4099-1

OPENSUSE-SU-2024_4118-1

OPENSUSE-SU-2024_4173-1

OPENSUSE-SU-2024_4174-1

OPENSUSE-SU-2024_4175-1

OPENSUSE-SU-2024_4176-1

RHSA-2024:10785

RHSA-2024:10787

RHSA-2024:10788

RHSA-2024:10791

RHSA-2024:10830

RHSA-2024:10831

RHSA-2024:10832

RHSA-2024_10785

RHSA-2024_10787

RHSA-2024_10788

RHSA-2024_10791

RHSA-2024_10830

RHSA-2024_10831

RHSA-2024_10832

RLSA-2024:10785

RLSA-2024:10787

RLSA-2024:10788

RLSA-2024:10830

RLSA-2024:10831

RLSA-2024:10832

ROSA-SA-2025-2787

SUSE-SU-2024:4052-1

SUSE-SU-2024:4063-1

SUSE-SU-2024:4095-1

SUSE-SU-2024:4096-1

SUSE-SU-2024:4097-1

SUSE-SU-2024:4098-1

SUSE-SU-2024:4099-1

SUSE-SU-2024:4114-1

SUSE-SU-2024:4118-1

SUSE-SU-2024:4173-1

SUSE-SU-2024:4174-1

SUSE-SU-2024:4175-1

SUSE-SU-2024:4176-1

SUSE-SU-2024_4052-1

SUSE-SU-2024_4063-1

SUSE-SU-2024_4095-1

SUSE-SU-2024_4096-1

SUSE-SU-2024_4097-1

SUSE-SU-2024_4098-1

SUSE-SU-2024_4099-1

SUSE-SU-2024_4114-1

SUSE-SU-2024_4118-1

SUSE-SU-2024_4173-1

SUSE-SU-2024_4174-1

SUSE-SU-2024_4175-1

SUSE-SU-2024_4176-1

SUSE-SU-2025:01799-1

SUSE-SU-2025_01799-1

USN-7132-1

USN-7358-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Postgresql

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Zvirt Node

CVE-2024-10976

Weakness Enumeration

Related Identifiers

Affected Products

References · 199