Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Published

2023-08-11T13:15:09.963

Last Modified

2024-12-06T11:15:06.723

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

Weaknesses

Type: Primary
CWE-1220
Type: Secondary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	postgresql	postgresql	< 15.4	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	debian	debian_linux	12.0	Yes

References

https://access.redhat.com/errata/RHSA-2023:7785 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7883 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7884 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7885 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2023-39418 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2228112 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 Mailing List, Patch ([email protected])
https://www.postgresql.org/support/security/CVE-2023-39418/ Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:7785 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7883 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7884 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7885 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-39418 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2228112 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230915-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5553 (af854a3a-2127-422b-91ae-364da2661108)
https://www.postgresql.org/support/security/CVE-2023-39418/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)