Lucene search

[email protected]NVD:CVE-2023-22847

HistoryMar 07, 2023 - 1:15 a.m.

CVE-2023-22847

2023-03-0701:15:10

[email protected]

web.nvd.nist.gov

pg_ivm

information disclosure

incrementally maintainable materialized view

row-level security

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.

Affected configurations

Nvd

Node

sraosspg_ivmRange<1.5.1postgresql

VendorProductVersionCPE
sraosspg_ivm*cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*

Vendor	Product	Version	CPE
sraoss	pg_ivm	*	cpe:2.3:a:sraoss:pg_ivm::::::postgresql::*

References

github.com/sraoss/pg_ivm

github.com/sraoss/pg_ivm/releases/tag/v1.5.1

jvn.jp/en/jp/JVN19872280/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for NVD:CVE-2023-22847

prion1 cve1 osv1 cvelist1 jvn1