BIT-postgresql-2023-2455

2024-03-0611:03:24

Google

osv.dev

postgresql

security policies

user id

role-specific policies

query planning

execution

create policy

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

CPENameOperatorVersion
postgresqlge15.0.0
postgresqllt14.8.0
postgresqlge14.0.0
postgresqlge12.0.0
postgresqllt13.11.0
postgresqlge13.0.0
postgresqllt15.3.0
postgresqllt12.15.0
postgresqlge11.0.0
postgresqllt11.20.0

Name	Operator	Version
postgresql	ge	15.0.0
postgresql	lt	14.8.0
postgresql	ge	14.0.0
postgresql	ge	12.0.0
postgresql	lt	13.11.0
postgresql	ge	13.0.0
postgresql	lt	15.3.0
postgresql	lt	12.15.0
postgresql	ge	11.0.0
postgresql	lt	11.20.0