Vulnerabilities > CVE-2023-2455

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

postgresql

redhat

fedoraproject

NVD

Published: 2023-06-09

Updated: 2023-07-06

Summary

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 15.0 Postgresql Postgresql 15.1 Postgresql Postgresql 15.2 Postgresql Postgresql 14.0 Postgresql Postgresql 14.1 Postgresql Postgresql 14.2 Postgresql Postgresql 14.3 Postgresql Postgresql 14.4 Postgresql Postgresql 14.5 Postgresql Postgresql 14.6 Postgresql Postgresql 14.7 Postgresql Postgresql 13.0 Postgresql Postgresql 13.1 Postgresql Postgresql 13.2 Postgresql Postgresql 13.3 Postgresql Postgresql 13.4 Postgresql Postgresql 13.5 Postgresql Postgresql 13.6 Postgresql Postgresql 13.7 Postgresql Postgresql 13.8 Postgresql Postgresql 13.9 Postgresql Postgresql 13.10 Postgresql Postgresql 12.0 Postgresql Postgresql 12.1 Postgresql Postgresql 12.2 Postgresql Postgresql 12.3 Postgresql Postgresql 12.4 Postgresql Postgresql 12.5 Postgresql Postgresql 12.6 Postgresql Postgresql 12.7 Postgresql Postgresql 12.8 Postgresql Postgresql 12.9 Postgresql Postgresql 12.10 Postgresql Postgresql 12.11 Postgresql Postgresql 12.12 Postgresql Postgresql 12.13 Postgresql Postgresql 12.14 Postgresql Postgresql 11.0 Postgresql Postgresql 11.1 Postgresql Postgresql 11.2 Postgresql Postgresql 11.3 Postgresql Postgresql 11.4 Postgresql Postgresql 11.5 Postgresql Postgresql 11.6 Postgresql Postgresql 11.7 Postgresql Postgresql 11.8 Postgresql Postgresql 11.9 Postgresql Postgresql 11.10 Postgresql Postgresql 11.11 Postgresql Postgresql 11.12 Postgresql Postgresql 11.13 Postgresql Postgresql 11.14 Postgresql Postgresql 11.15 Postgresql Postgresql 11.16 Postgresql Postgresql 11.17 Postgresql Postgresql 11.18 Postgresql Postgresql 11.19	57
Application	Redhat Redhat Software Collections -	1
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2
OS	Fedoraproject Fedoraproject Fedora 38	1

Vulnerabilities > CVE-2023-2455 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-2455"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-2455