CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:7785	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7883	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7884	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7885	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-39418	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2228112	Issue Tracking Patch Third Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229	Mailing List Patch
https://security.netapp.com/advisory/ntap-20230915-0002/	Third Party Advisory
https://www.debian.org/security/2023/dsa-5553	Third Party Advisory
https://www.postgresql.org/support/security/CVE-2023-39418/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-11 13:15

Updated : 2024-02-16 13:57

NVD link : CVE-2023-39418

Mitre link : CVE-2023-39418

CVE.ORG link : CVE-2023-39418

JSON object : View

Products Affected

debian

debian_linux

postgresql

postgresql

redhat

enterprise_linux

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-39418", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2023-08-11T13:15:09.963", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7785", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-39418", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228112", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229", "tags": ["Mailing List", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0002/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.debian.org/security/2023/dsa-5553", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/support/security/CVE-2023-39418/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en PostgreSQL con el uso del comando MERGE, que no puede probar nuevas filas con las pol\u00edticas de seguridad de filas definidas para ACTUALIZAR y SELECCIONAR. Si las pol\u00edticas ACTUALIZAR y SELECCIONAR proh\u00edben algunas filas que las pol\u00edticas INSERTAR no proh\u00edben, un usuario podr\u00eda almacenar dichas filas."}], "lastModified": "2024-02-16T13:57:03.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3263C456-8C2D-4069-AE64-8B55212B45DD", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}