Lucene search
PRIOn knowledge basePRION:CVE-2023-2455HistoryJun 09, 2023 - 7:15 p.m.
Code injection
2023-06-0919:15:00
PRIOn knowledge base
www.prio-n.com
12
code injection
security policies
postgresql
row security
create policy
incorrect policies
set role
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 38 | |
| postgresql | ge | 15.0 | |
| postgresql | lt | 15.3 | |
| postgresql | ge | 14.0 | |
| postgresql | lt | 14.8 | |
| postgresql | ge | 13.0 | |
| postgresql | lt | 13.11 | |
| postgresql | ge | 12.0 | |
| postgresql | lt | 12.15 | |
| postgresql | ge | 11.0 |
Related
osv
osv
BIT-postgresql-2023-2455
2024-03-06 11:03:24
CVE-2023-2455
2023-06-09 19:15:09
Moderate: postgresql:13 security update
2023-10-06 23:10:12
ibm
ibm
cvelist
cvelist
CVE-2023-2455
2023-06-09 00:00:00
nvd
nvd
CVE-2023-2455
2023-06-09 19:15:09
cve
cve
CVE-2023-2455
2023-06-09 19:15:09
nessus
nessus
FreeBSD : postgresql-server -- Row security policies disregard user ID changes after inlining (4b636f50-f011-11ed-bbae-6cc21735f730)
2023-05-16 00:00:00
SUSE SLES15 Security Update : postgresql12 (SUSE-SU-2023:2198-1)
2023-05-16 00:00:00
SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2023:2201-1)
2023-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-2455
2023-05-12 00:00:00
veracode
veracode
Information Disclosure
2023-06-07 01:36:32
redhatcve
redhatcve
CVE-2023-2455
2023-05-16 11:23:39
debiancve
debiancve
CVE-2023-2455
2023-06-09 19:15:09
alpinelinux
alpinelinux
CVE-2023-2455
2023-06-09 19:15:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2200-1)
2023-05-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2202-1)
2023-05-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2201-1)
2023-05-16 00:00:00
debian
debian
[SECURITY] [DLA 3422-1] postgresql-11 security update
2023-05-15 09:06:12
[SECURITY] [DSA 5401-1] postgresql-13 security update
2023-05-11 16:36:32
almalinux
almalinux
Moderate: postgresql:15 security update
2023-07-31 00:00:00
Moderate: postgresql security update
2023-06-21 00:00:00
Moderate: postgresql:13 security update
2023-08-08 00:00:00
rocky
rocky
postgresql:10 security update
2023-08-28 18:40:52
postgresql:15 security update
2023-08-08 12:35:00
postgresql security update
2023-08-31 16:55:40
cloudfoundry
cloudfoundry
USN-6104-1: PostgreSQL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerability
2023-05-31 09:41:32
oraclelinux
oraclelinux
postgresql security update
2023-06-22 00:00:00
postgresql:15 security update
2023-09-20 00:00:00
postgresql:13 security update
2023-08-10 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2023-05-24 00:00:00
redhat
redhat
(RHSA-2023:3714) Moderate: postgresql security update
2023-06-21 13:52:09
(RHSA-2023:4527) Moderate: postgresql:13 security update
2023-08-08 07:21:35
(RHSA-2023:4327) Moderate: postgresql:15 security update
2023-07-31 08:41:19
freebsd
freebsd
kaspersky
kaspersky
KLA49176 Multiple vulnerabilities in PostgreSQL
2023-05-11 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0394
2023-05-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2359
2024-02-27 09:01:10
redos
redos
ROS-20240329-12
2024-03-29 00:00:00
ROS-20240329-11
2024-03-29 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00