Lucene search

PRIOn knowledge basePRION:CVE-2023-39418

HistoryAug 11, 2023 - 1:15 p.m.

Command injection

2023-08-1113:15:00

PRIOn knowledge base

www.prio-n.com

postgresql

vulnerability

merge command

security policies

nvd

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CPENameOperatorVersion
debian_linuxeq12.0
postgresqlge15.0
postgresqllt15.4
enterprise_linuxeq8.0
enterprise_linuxeq9.0

Name	Operator	Version
debian_linux	eq	12.0
postgresql	ge	15.0
postgresql	lt	15.4
enterprise_linux	eq	8.0
enterprise_linux	eq	9.0

References

access.redhat.com/errata/RHSA-2023:7785

access.redhat.com/errata/RHSA-2023:7883

access.redhat.com/errata/RHSA-2023:7884

access.redhat.com/errata/RHSA-2023:7885

access.redhat.com/security/cve/CVE-2023-39418

bugzilla.redhat.com/show_bug.cgi?id=2228112

git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229

security.netapp.com/advisory/ntap-20230915-0002/

www.debian.org/security/2023/dsa-5553

www.postgresql.org/support/security/CVE-2023-39418/