AZL-53209 CVE-2024-10978 affecting package postgresql for versions less than 16.5-1

🗓️ 14 Nov 2024 13:15:04Reported by GoogleType

osv

osv🔗 osv.dev

PostgreSQL misassignment lets a less-privileged user access rows when role switching is used.

Reporter	Title	Published	Views	Family All 297
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Protection is affected by a PostgreSQL vulnerability (CVE-2024-10979, CVE-2024-10976, CVE-2024-10978).	19 Jun 202505:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	26 Mar 202504:11	–	ibm
IBM Security Bulletins	Security Bulletin: for Multiple CVEs : CVE-2024-10976 , CVE-2025-4207, CVE-2023-5870 and CVE-2025-1094	29 Oct 202510:29	–	ibm
IBM Security Bulletins	Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	24 Mar 202618:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978	29 Jan 202503:14	–	ibm
FreeBSD	PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID	14 Nov 202400:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2024-786)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)	23 Dec 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-10978

21 Apr 2026 04:33Current

7.2High risk

Vulners AI Score7.2

CVSS 3.14.2

EPSS0.00613

PostgreSQL privilege misassignment role switching set role current setting affected versions