Lucene search
RedhatCVELIST:CVE-2023-2455HistoryJun 09, 2023 - 12:00 a.m.
CVE-2023-2455
2023-06-0900:00:00
CWE-20
redhat
www.cve.org
4
postgresql
security definer
create policy
role-specific policies
set role
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CNA Affected
[
{
"vendor": "n/a",
"product": "postgresql",
"versions": [
{
"version": "PostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20",
"status": "affected"
}
]
}
]Related
redhatcve
redhatcve
CVE-2023-2455
2023-05-16 11:23:39
osv
osv
CVE-2023-2455
2023-06-09 19:15:09
BIT-postgresql-2023-2455
2024-03-06 11:03:24
postgresql-11 - security update
2023-05-15 00:00:00
debiancve
debiancve
CVE-2023-2455
2023-06-09 19:15:09
ubuntucve
ubuntucve
CVE-2023-2455
2023-05-12 00:00:00
veracode
veracode
Information Disclosure
2023-06-07 01:36:32
nessus
nessus
FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)
2023-05-16 00:00:00
SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2023:2202-1)
2023-05-16 00:00:00
Oracle Linux 8 : postgresql:10 (ELSA-2023-4539)
2023-08-15 00:00:00
alpinelinux
alpinelinux
CVE-2023-2455
2023-06-09 19:15:09
prion
prion
Code injection
2023-06-09 19:15:00
ibm
ibm
nvd
nvd
CVE-2023-2455
2023-06-09 19:15:09
cve
cve
CVE-2023-2455
2023-06-09 19:15:09
rocky
rocky
postgresql:13 security update
2023-10-06 23:10:12
postgresql:10 security update
2023-08-28 18:40:52
postgresql security update
2023-08-31 16:55:40
almalinux
almalinux
Moderate: postgresql:13 security update
2023-08-08 00:00:00
Moderate: postgresql security update
2023-06-21 00:00:00
Moderate: postgresql:10 security update
2023-08-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2205-1)
2023-05-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2219-1)
2023-05-17 00:00:00
Mageia: Security Advisory (MGASA-2023-0187)
2023-06-01 00:00:00
redhat
redhat
(RHSA-2023:3714) Moderate: postgresql security update
2023-06-21 13:52:09
(RHSA-2023:4327) Moderate: postgresql:15 security update
2023-07-31 08:41:19
(RHSA-2023:4527) Moderate: postgresql:13 security update
2023-08-08 07:21:35
freebsd
freebsd
oraclelinux
oraclelinux
15 security update
2023-08-02 00:00:00
postgresql:10 security update
2023-08-11 00:00:00
postgresql:13 security update
2023-08-10 00:00:00
kaspersky
kaspersky
KLA49176 Multiple vulnerabilities in PostgreSQL
2023-05-11 00:00:00
cloudfoundry
cloudfoundry
USN-6104-1: PostgreSQL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
debian
debian
[SECURITY] [DSA 5401-1] postgresql-13 security update
2023-05-11 16:36:32
[SECURITY] [DLA 3422-1] postgresql-11 security update
2023-05-15 09:06:31
ubuntu
ubuntu
PostgreSQL vulnerabilities
2023-05-24 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerability
2023-05-31 09:41:32
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0394
2023-05-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2359
2024-02-27 09:01:10
redos
redos
ROS-20240329-12
2024-03-29 00:00:00
ROS-20240329-11
2024-03-29 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00