Lucene search

JpcertCVE-2023-22847

HistoryMar 07, 2023 - 1:15 a.m.

CVE-2023-22847

2023-03-0701:15:10

jpcert

web.nvd.nist.gov

cve-2023-22847

information disclosure

pg_ivm

vulnerability

incrementally maintainable materialized view

immv

row-level security

unauthorized access

nvd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.

Affected configurations

Nvd

Vulners

Node

sraosspg_ivmRange<1.5.1postgresql

VendorProductVersionCPE
sraosspg_ivm*cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*

Vendor	Product	Version	CPE
sraoss	pg_ivm	*	cpe:2.3:a:sraoss:pg_ivm::::::postgresql::*

CNA Affected

[
  {
    "vendor": "IVM Development Group",
    "product": "pg_ivm",
    "versions": [
      {
        "version": "versions prior to 1.5.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/sraoss/pg_ivm

github.com/sraoss/pg_ivm/releases/tag/v1.5.1

jvn.jp/en/jp/JVN19872280/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVE-2023-22847