High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure.

The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.

Environment variables are user-defined values that can allow a program to dynamically fetch various kinds of information, such as access keys and software installation paths, during runtime without having to hard-code them. In certain operating systems, they are initialized during the startup phase.

See more
The Hackers News: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html

Hackread:
https://hackread.com/postgresql-vulnerability-puts-databases-at-risk/

#cybersecurity #postgres