Lucene search
FreeBSD4B636F50-F011-11ED-BBAE-6CC21735F730HistoryMay 11, 2023 - 12:00 a.m.
postgresql-server -- Row security policies disregard user ID changes after inlining
2023-05-1100:00:00
vuxml.freebsd.org
18
postgresql
security issue
row security
user id changes
policy
function inlining
cve-2016-2193
interaction
role-specific
security definer
create policy
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
62.0%
PostgreSQL Project reports
While CVE-2016-2193 fixed most interaction between row security and
user ID changes, it missed a scenario involving function
inlining. This leads to potentially incorrect policies being
applied in cases where role-specific policies are used and a
given query is planned under one role and then executed under
other roles. This scenario can happen under security definer
functions or when a common user and query is planned
initially and then re-used across multiple SET ROLEs.
Applying an incorrect policy may permit a user to complete
otherwise-forbidden reads and modifications. This affects
only databases that have used CREATE POLICY to define a row
security policy.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | postgresql-server | <Â 15.3 | UNKNOWN |
Related
cve
cve
CVE-2016-2193
2016-04-11 15:59:04
CVE-2023-2455
2023-06-09 19:15:09
cvelist
cvelist
CVE-2016-2193
2016-04-11 15:00:00
CVE-2023-2455
2023-06-09 00:00:00
nvd
nvd
CVE-2016-2193
2016-04-11 15:59:04
CVE-2023-2455
2023-06-09 19:15:09
postgresql
postgresql
Vulnerability in core server (CVE-2016-2193)
2016-04-11 15:59:00
ubuntucve
ubuntucve
CVE-2016-2193
2016-04-11 00:00:00
CVE-2023-2455
2023-05-12 00:00:00
prion
prion
Design/Logic Flaw
2016-04-11 15:59:00
Code injection
2023-06-09 19:15:00
osv
osv
BIT-postgresql-2023-2455
2024-03-06 11:03:24
CVE-2023-2455
2023-06-09 19:15:09
Moderate: postgresql:13 security update
2023-10-06 23:10:12
ibm
ibm
nessus
nessus
FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)
2023-05-16 00:00:00
FreeBSD : PostgreSQL -- minor security problems. (97a24d2e-f74c-11e5-8458-6cc21735f730)
2016-04-01 00:00:00
PostgreSQL 9.5.x < 9.5.2 Multiple Vulnerabilities
2016-04-08 00:00:00
veracode
veracode
Information Disclosure
2023-06-07 01:36:32
kaspersky
kaspersky
KLA10790 Multiple vulnerabilities in PostgreSQL
2016-04-11 00:00:00
KLA49176 Multiple vulnerabilities in PostgreSQL
2023-05-11 00:00:00
openvas
openvas
PostgreSQL Multiple Vulnerabilities (Apr 2016) - Windows
2016-04-26 00:00:00
Mageia: Security Advisory (MGASA-2016-0136)
2016-05-09 00:00:00
PostgreSQL Multiple Vulnerabilities (Apr 2016) - Linux
2016-04-26 00:00:00
redhatcve
redhatcve
CVE-2023-2455
2023-05-16 11:23:39
debiancve
debiancve
CVE-2023-2455
2023-06-09 19:15:09
alpinelinux
alpinelinux
CVE-2023-2455
2023-06-09 19:15:09
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2016-04-13 20:39:04
Updated postgresql packages fix security vulnerability
2023-05-31 09:41:32
freebsd
freebsd
PostgreSQL -- minor security problems.
2016-03-01 00:00:00
almalinux
almalinux
Moderate: postgresql:15 security update
2023-07-31 00:00:00
Moderate: postgresql security update
2023-06-21 00:00:00
Moderate: postgresql:13 security update
2023-08-08 00:00:00
debian
debian
[SECURITY] [DLA 3422-1] postgresql-11 security update
2023-05-15 09:06:12
[SECURITY] [DSA 5401-1] postgresql-13 security update
2023-05-11 16:36:32
rocky
rocky
postgresql:10 security update
2023-08-28 18:40:52
postgresql:15 security update
2023-08-08 12:35:00
postgresql security update
2023-08-31 16:55:40
cloudfoundry
cloudfoundry
USN-6104-1: PostgreSQL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
oraclelinux
oraclelinux
postgresql security update
2023-06-22 00:00:00
postgresql:15 security update
2023-09-20 00:00:00
postgresql:13 security update
2023-08-10 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2023-05-24 00:00:00
redhat
redhat
(RHSA-2023:3714) Moderate: postgresql security update
2023-06-21 13:52:09
(RHSA-2023:4527) Moderate: postgresql:13 security update
2023-08-08 07:21:35
(RHSA-2023:4327) Moderate: postgresql:15 security update
2023-07-31 08:41:19
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0394
2023-05-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2359
2024-02-27 09:01:10
redos
redos
ROS-20240329-12
2024-03-29 00:00:00
ROS-20240329-11
2024-03-29 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
62.0%
Related for 4B636F50-F011-11ED-BBAE-6CC21735F730