Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-39418

Опубликовано: 11 авг. 2023
Источник: debian

Описание

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
postgresql-15fixed15.4-1package
postgresql-13not-affectedpackage
postgresql-11not-affectedpackage

Примечания

  • https://www.postgresql.org/support/security/CVE-2023-39418/

  • https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/

  • https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)

Связанные уязвимости

ubuntu логотип

CVE-2023-39418

CVSS3: 3.1
ubuntu
около 2 лет назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

redhat логотип

CVE-2023-39418

CVSS3: 3.1
redhat
около 2 лет назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

nvd логотип

CVE-2023-39418

CVSS3: 3.1
nvd
около 2 лет назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

github логотип

GHSA-chgx-7cw3-hr55

CVSS3: 3.1
github
около 2 лет назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

fstec логотип

BDU:2023-04768

CVSS3: 3.1
fstec
больше 2 лет назад

Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю читать и обновлять защищенные данные