Vulnerabilities > CVE-2023-22847 - Unspecified vulnerability in Sraoss PG IVM

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sraoss

NVD

Published: 2023-03-07

Updated: 2023-03-14

Summary

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.

Vulnerable Configurations

Part	Description	Count
Application	Sraoss Sraoss PG IVM - Sraoss PG IVM 1.0 Sraoss PG IVM 1.1 Sraoss PG IVM 1.2 Sraoss PG IVM 1.3 Sraoss PG IVM 1.4 Sraoss PG IVM 1.4.1 Sraoss PG IVM 1.5	9

References

https://github.com/sraoss/pg_ivm
https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1
https://jvn.jp/en/jp/JVN19872280/