Lucene search
FreeBSD59A43A73-3786-11EE-94B4-6CC21735F730HistoryAug 10, 2023 - 12:00 a.m.
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
2023-08-1000:00:00
vuxml.freebsd.org
11
postgresql
15
merge
command
fails
enforce
update
select
row
security
policies
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
36.3%
PostgreSQL Project reports
PostgreSQL 15 introduced the MERGE command, which fails to test
new rows against row security policies defined for UPDATE and
SELECT. If UPDATE and SELECT policies forbid some row that
INSERT policies do not forbid, a user could store such rows.
Subsequent consequences are application-dependent. This
affects only databases that have used CREATE POLICY to define
a row security policy.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | postgresql-server | < 15.4 | UNKNOWN |
Related
cvelist
cvelist
openvas
openvas
PostgreSQL 15.x < 15.4 MERGE Vulnerability - Linux
2023-08-14 00:00:00
PostgreSQL 15.x < 15.4 MERGE Vulnerability - Windows
2023-08-14 00:00:00
Mageia: Security Advisory (MGASA-2023-0261)
2023-09-11 00:00:00
redhatcve
redhatcve
CVE-2023-39418
2023-08-11 06:19:28
nessus
nessus
osv
osv
BIT-postgresql-2023-39418
2024-03-06 11:03:03
CVE-2023-39418
2023-08-11 13:15:09
postgresql-12, postgresql-14, postgresql-15 vulnerabilities
2023-08-17 11:56:22
kaspersky
kaspersky
KLA52239 RCE vulnerability in PostgreSQL
2023-08-10 00:00:00
debiancve
debiancve
CVE-2023-39418
2023-08-11 13:15:09
alpinelinux
alpinelinux
CVE-2023-39418
2023-08-11 13:15:09
nvd
nvd
CVE-2023-39418
2023-08-11 13:15:09
ubuntucve
ubuntucve
CVE-2023-39418
2023-08-11 00:00:00
ibm
ibm
prion
prion
Command injection
2023-08-11 13:15:00
veracode
veracode
Denial Of Service (DoS)
2023-08-16 00:26:29
cve
cve
CVE-2023-39418
2023-08-11 13:15:09
ubuntu
ubuntu
PostgreSQL vulnerabilities
2023-08-17 00:00:00
cloudfoundry
cloudfoundry
USN-6296-1: PostgreSQL vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerability
2023-09-11 16:07:54
redos
redos
ROS-20240329-14
2024-03-29 00:00:00
redhat
redhat
(RHSA-2023:7885) Important: postgresql:15 security update
2023-12-20 09:19:18
(RHSA-2023:7884) Important: postgresql:15 security update
2023-12-20 09:19:17
(RHSA-2023:7785) Important: postgresql:15 security update
2023-12-13 14:48:30
oraclelinux
oraclelinux
postgresql:15 security update
2023-12-20 00:00:00
postgresql:15 security update
2023-12-13 00:00:00
rocky
rocky
postgresql:15 security update
2024-01-09 04:08:12
debian
debian
[SECURITY] [DSA 5553-1] postgresql-15 security update
2023-11-13 21:15:25
almalinux
almalinux
Important: postgresql:15 security update
2023-12-20 00:00:00
Important: postgresql:15 security update
2023-12-13 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
36.3%
Related for 59A43A73-3786-11EE-94B4-6CC21735F730