Red Hat: CVE-2024-10976: postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes (Multiple Advisories)

Red Hat: CVE-2024-10976: postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes (Multiple Advisories)

Severity

4

CVSS

(AV:N/AC:H/Au:S/C:P/I:P/A:N)

Published

11/14/2024

Created

02/11/2025

Added

02/10/2025

Modified

02/14/2025

Description

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes.They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy.This has the same consequences as the two earlier CVEs.That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.This affects only databases that have used CREATE POLICY to define a row security policy.An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies.Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Solution(s)

• redhat-upgrade-pg_repack
• redhat-upgrade-pg_repack-debuginfo
• redhat-upgrade-pg_repack-debugsource
• redhat-upgrade-pgaudit
• redhat-upgrade-pgaudit-debuginfo
• redhat-upgrade-pgaudit-debugsource
• redhat-upgrade-pgvector
• redhat-upgrade-pgvector-debuginfo
• redhat-upgrade-pgvector-debugsource
• redhat-upgrade-postgres-decoderbufs
• redhat-upgrade-postgres-decoderbufs-debuginfo
• redhat-upgrade-postgres-decoderbufs-debugsource
• redhat-upgrade-postgresql
• redhat-upgrade-postgresql-contrib
• redhat-upgrade-postgresql-contrib-debuginfo
• redhat-upgrade-postgresql-debuginfo
• redhat-upgrade-postgresql-debugsource
• redhat-upgrade-postgresql-docs
• redhat-upgrade-postgresql-docs-debuginfo
• redhat-upgrade-postgresql-plperl
• redhat-upgrade-postgresql-plperl-debuginfo
• redhat-upgrade-postgresql-plpython3
• redhat-upgrade-postgresql-plpython3-debuginfo
• redhat-upgrade-postgresql-pltcl
• redhat-upgrade-postgresql-pltcl-debuginfo
• redhat-upgrade-postgresql-private-devel
• redhat-upgrade-postgresql-private-libs
• redhat-upgrade-postgresql-private-libs-debuginfo
• redhat-upgrade-postgresql-server
• redhat-upgrade-postgresql-server-debuginfo
• redhat-upgrade-postgresql-server-devel
• redhat-upgrade-postgresql-server-devel-debuginfo
• redhat-upgrade-postgresql-static
• redhat-upgrade-postgresql-test
• redhat-upgrade-postgresql-test-debuginfo
• redhat-upgrade-postgresql-test-rpm-macros
• redhat-upgrade-postgresql-upgrade
• redhat-upgrade-postgresql-upgrade-debuginfo
• redhat-upgrade-postgresql-upgrade-devel
• redhat-upgrade-postgresql-upgrade-devel-debuginfo

References

• CVE-2024-10976
• RHSA-2024:10785
• RHSA-2024:10787
• RHSA-2024:10788
• RHSA-2024:10791
• RHSA-2024:10830
• RHSA-2024:10831
• RHSA-2024:10832

View more