Lucene search
K

26 matches found

CVE
CVE
added 2023/08/11 12:19 p.m.330 views

CVE-2023-39418

CVE-2023-39418 affects PostgreSQL: the MERGE command can bypass row security policies for UPDATE and SELECT, allowing insertion of rows that should be disallowed when policies conflict. Public advisories (Debian, Red Hat, AlmaLinux, Canonical/Ubuntu, Cloud Foundry) confirm a fix is available in p...

4.3CVSS6AI score0.00964EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2023/08/11 12:19 p.m.28 views

CVE-2023-39418 Postgresql: merge fails to enforce update or select row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1CVSS6.5AI score0.00964EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2023/08/11 12:19 p.m.40 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS5.8AI score0.00964EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/08/11 6:19 a.m.42 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1CVSS6.2AI score0.00964EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/08/11 12:0 a.m.23 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3CVSS6.7AI score0.00964EPSS
Exploits0References7
PostrgeSql
PostrgeSql
added 2023/08/10 12:0 a.m.47 views

Vulnerability in core server (CVE-2023-39418)

MERGE fails to enforce UPDATE or SELECT row security policies PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store...

4.3CVSS6.6AI score0.00964EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder