Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-39418

Опубликовано: 10 авг. 2023
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Отчет

This vulnerability introduced with the use of MERGE Command in PostgreSQL 15 and only affects the databases that have used CREATE POLICY to define a row security policy.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6postgresqlNot affected
Red Hat Enterprise Linux 7postgresqlNot affected
Red Hat Enterprise Linux 8postgresql:10/postgresqlNot affected
Red Hat Enterprise Linux 8postgresql:12/postgresqlNot affected
Red Hat Enterprise Linux 8postgresql:13/postgresqlNot affected
Red Hat Enterprise Linux 9postgresqlNot affected
Red Hat Software Collectionsrh-postgresql10-postgresqlNot affected
Red Hat Software Collectionsrh-postgresql12-postgresqlNot affected
Red Hat Software Collectionsrh-postgresql13-postgresqlNot affected
Red Hat Enterprise Linux 8postgresqlFixedRHSA-2023:788420.12.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-1220
https://bugzilla.redhat.com/show_bug.cgi?id=2228112postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

EPSS

Процентиль: 62%
0.00439
Низкий

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-39418

CVSS3: 3.1
ubuntu
почти 2 года назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

nvd логотип

CVE-2023-39418

CVSS3: 3.1
nvd
почти 2 года назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

debian логотип

CVE-2023-39418

CVSS3: 3.1
debian
почти 2 года назад

A vulnerability was found in PostgreSQL with the use of the MERGE comm ...

github логотип

GHSA-chgx-7cw3-hr55

CVSS3: 3.1
github
почти 2 года назад

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

fstec логотип

BDU:2023-04768

CVSS3: 3.1
fstec
почти 2 года назад

Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю читать и обновлять защищенные данные

EPSS

Процентиль: 62%
0.00439
Низкий

3.1 Low

CVSS3