7 matches found
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
SUSE CVE-2007-2692
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...
GaussDB Kernel: Controlling the Permission to Execute the SECURITY INVOKER Function
The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your permissions. Copyright (C) 2020 Greenbone Networks GmbH Som...
openGauss: Controlling the Permission to Execute the SECURITY INVOKER Function
The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking such a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your permissions.
mysql SECURITY INVOKER functions do not drop privileges
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges...