FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VuXML data was last processed by FreshPorts on 2025-02-02 08:34:31 UTC.
These are the vulnerabilities relating to the commit you have selected:
VuXML ID: 12e3feab-a29f-11ef-af48-6cc21735f730
Description: PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
PostgreSQL project reports:
Incorrect privilege assignment in PostgreSQL allows a
less-privileged application user to view or change
different rows from those intended. An attack requires
the application to use SET ROLE, SET SESSION
AUTHORIZATION, or an equivalent feature. The problem
arises when an application query uses parameters from
the attacker or conveys query results to the attacker.
If that query reacts to current_setting('role') or the
current user ID, it may modify or return data as though
the session had not used SET ROLE or SET SESSION
AUTHORIZATION. The attacker does not control which
incorrect user ID applies. Query text from
less-privileged sources is not a concern here, because
SET ROLE and SET SESSION AUTHORIZATION are not sandboxes
for unvetted queries.
Discovery: 2024-11-14
Entry: 2024-11-14

postgresql17-server < 17.1
postgresql16-server < 16.5
postgresql15-server < 15.9
postgresql14-server < 14.14
postgresql13-server < 13.17
postgresql12-server < 12.21

CVE-2024-10978
https://www.postgresql.org/support/security/CVE-2024-10978/