CVE-2023-39418

Severity

43%

Complexity

27%

Confidentiality

23%

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CVSS 3.1 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Overview

First reported 1 year ago

2023-08-11 13:15:00

Last updated 1 year ago

2023-12-20 15:15:00

Affected Software

PostgreSQL

Red Hat Enterprise Linux 8.0

8.0

References

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229

https://access.redhat.com/security/cve/CVE-2023-39418

https://www.postgresql.org/support/security/CVE-2023-39418/

https://bugzilla.redhat.com/show_bug.cgi?id=2228112

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229

Mailing List, Patch

https://access.redhat.com/security/cve/CVE-2023-39418

Third Party Advisory

https://www.postgresql.org/support/security/CVE-2023-39418/

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2228112

Issue Tracking, Patch, Third Party Advisory

https://security.netapp.com/advisory/ntap-20230915-0002/

https://www.debian.org/security/2023/dsa-5553

RHSA-2023:7785

RHSA-2023:7883

RHSA-2023:7884

RHSA-2023:7885

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.