CVE-2024-10979

Published Nov 14, 2024

Last updated 2 days ago

Overview

Description
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CWE-15

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. PostgreSQL vulnerability - CVE-2024-10979 https://t.co/TKBaIr9nnT

    @kayosoufiane

    17 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21 https://t.co/ED0Y9JmSRA CVE-2024-10979 PostgreSQL PL/Perl environment variable changes execute arbitrary code, CVSS 8.8 CVE-2024-10978 PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID, CVSS 4.2

    @oss_security

    16 Nov 2024

    411 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. PostgreSQL fixes CVE-2024-10979 #PostgreSQL #CVE-2024-10979 https://t.co/we62hkBBig

    @pravin_karthik

    16 Nov 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

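  4. A critical vulnerability (CVE-2024-10979) has been discovered in the latest version of PostgreSQL. This vulnerability allows an unprivileged user to improperly modify environment variables and execute arbitrary code. A prompt response is required. #PostgreSQL #Vulnerability https://t.co/IdvSSk67yW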

    @innovaTopia_JP

    16 Nov 2024

    76 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Threat Alert: 8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk - #CVE-2024-10979 CVE-2024-10979 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/wRDm41hV7G #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    16 Nov 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Critical PostgreSQL Vulnerability Alert! CVE-2024-10979 (CVSS 8.8) allows unprivileged users to alter environment variables, leading to code execution or data leaks. Update now to patched versions: 17.1, 16.5, 15.9, 14.14, 13.17, 12.21. #CyberSecurity #PostgreSQL #Hacking #bug

    @safeyourweb

    16 Nov 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

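  7. A serious PostgreSQL vulnerability has been fixed. CVE-2024-10979 has a CVSS score of 8.8 and lets an unprivileged user rewrite environment variables. Possible consequences include arbitrary code execution by rewriting PATH and theft of valuable information (held in environment variables). Details are undisclosed to buy time for patching. https://t.co/lEVBGjgn2G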

    @__kokumoto

    15 Nov 2024

    2046 Impressions

    8 Retweets

    34 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 A high-severity vulnerability (CVE-2024-10979) has been discovered in PostgreSQL that allows unprivileged users to alter environment variables, leading to possible code execution or information leaks https://t.co/bGIjGncyYS https://t.co/da4K6ClR3K

    @elhackernet

    15 Nov 2024

    12942 Impressions

    91 Retweets

    255 Likes

    55 Bookmarks

    1 Reply

    0 Quotes

  9. Reproducing CVE-2024-10979: A Step-by-Step Guide https://t.co/R5Z3ChMTqO

    @_r_netsec

    15 Nov 2024

    759 Impressions

    5 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  10. TheHackersNews: ⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks. Read: https://t.co/yPVaDBIxVq #Cybersecurity #Vu…

    @jvquantum

    15 Nov 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks. Read: https://t.co/Wd53OAVf3f... https://t.co/x5hxVvzd6T

    @IT_news_for_all

    15 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks. Read: https://t.co/jZDOxjh1Pa #Cybersecurity #Vulnerability

    @TheHackersNews

    15 Nov 2024

    12962 Impressions

    43 Retweets

    79 Likes

    14 Bookmarks

    1 Reply

    5 Quotes

  13. CVE-2024-10979 Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). … https://t.co/aJ36vo5Bzb

    @CVEnew

    14 Nov 2024

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes