CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.postgresql.org/support/security/CVE-2024-10979/	Vendor Advisory
https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md	Exploit Mitigation Third Party Advisory
https://security.netapp.com/advisory/ntap-20250110-0003/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

History

11 Feb 2025, 21:27

Type	Values Removed	Values Added
References	~~() https://www.postgresql.org/support/security/CVE-2024-10979/ -~~	() https://www.postgresql.org/support/security/CVE-2024-10979/ - Vendor Advisory
References	~~() https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md -~~	() https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md - Exploit, Mitigation, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20250110-0003/ -~~	() https://security.netapp.com/advisory/ntap-20250110-0003/ - Third Party Advisory
CWE		CWE-610
First Time		Postgresql Postgresql postgresql
CPE		cpe:2.3:a:postgresql:postgresql::::::::

10 Jan 2025, 13:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20250110-0003/ -

25 Nov 2024, 05:15

Type	Values Removed	Values Added
References		() https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md -

15 Nov 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) El control incorrecto de las variables de entorno en PostgreSQL PL/Perl permite que un usuario de base de datos sin privilegios modifique variables de entorno de proceso sensibles (por ejemplo, PATH). Esto suele ser suficiente para permitir la ejecución de código arbitrario, incluso si el atacante no tiene un usuario del sistema operativo del servidor de base de datos. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas.

14 Nov 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 13:15

Updated : 2025-02-11 21:27

NVD link : CVE-2024-10979

Mitre link : CVE-2024-10979

CVE.ORG link : CVE-2024-10979

JSON object : View

Products Affected

postgresql

postgresql

CWE

CWE-15

External Control of System or Configuration Setting

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

{"id": "CVE-2024-10979", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-14T13:15:04.407", "references": [{"url": "https://www.postgresql.org/support/security/CVE-2024-10979/", "tags": ["Vendor Advisory"], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}, {"url": "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250110-0003/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "description": [{"lang": "en", "value": "CWE-15"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."}, {"lang": "es", "value": "El control incorrecto de las variables de entorno en PostgreSQL PL/Perl permite que un usuario de base de datos sin privilegios modifique variables de entorno de proceso sensibles (por ejemplo, PATH). Esto suele ser suficiente para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario, incluso si el atacante no tiene un usuario del sistema operativo del servidor de base de datos. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."}], "lastModified": "2025-02-11T21:27:49.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433D59A0-8811-4DDB-A9F7-D85C62F905CC", "versionEndExcluding": "12.21", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380F8048-FBE5-4606-93A3-915CFD229317", "versionEndExcluding": "13.17", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACF31C7-3B20-4BAE-A596-9C59D67406D8", "versionEndExcluding": "14.14", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF12F1A2-3179-4DAC-B728-038B94954DC7", "versionEndExcluding": "15.9", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353CBD91-FC28-4DA3-B79A-F4F4DC80FA93", "versionEndExcluding": "16.5", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCEB2049-EB8A-4703-B3FF-FC641623ED2C", "versionEndExcluding": "17.1", "versionStartIncluding": "17.0"}], "operator": "OR"}]}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}

8.8 /10