Veracode Vulnerability DatabaseVERACODE:40812Information Disclosure
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
40.5%
postgresql is vulnerable to Information Disclosure. The vulnerability relates to a issue in function inlining where role specific policies can be executed other roles resulting in an incorrect policy which may permit a user to complete otherwise-forbidden reads and modifications.
References
access.redhat.com/security/cve/CVE-2023-2455
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/community.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/community.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/community.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/community.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.netapp.com/advisory/ntap-20230706-0006/
www.postgresql.org/support/security/CVE-2023-2455/
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
40.5%