Showing 1 - 9 of 9

CVE-2023-2455

Status Candidate

Overview

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Related Files

Red Hat Security Advisory 2023-5269-01: Posted Sep 19, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5269-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | 0bc0d9a60fdfcda899dc4b188ea513db2270ece612fcec958ab317490e650c83; Download | Favorite | View

Red Hat Security Advisory 2023-4539-01: Posted Aug 8, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4539-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | 4492727b610b193728ddfd73abfdc3f4792530283ba77b397c75d148b3f29e29; Download | Favorite | View

Red Hat Security Advisory 2023-4535-01: Posted Aug 8, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4535-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-41862, CVE-2023-2454, CVE-2023-2455; SHA-256 | bb0d93dc4642fdfdca0f3a521e54d8fafc5d8a05d94ed117e60752d51d43bb29; Download | Favorite | View

Red Hat Security Advisory 2023-4527-01: Posted Aug 8, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4527-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | 224d7a7ab3268b731ca5e1b6146c6fc24f536b48dce67839bd62d8aa4f6246e2; Download | Favorite | View

Red Hat Security Advisory 2023-4327-01: Posted Jul 31, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4327-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | b013da621e2a35673a4c41b75156e397dc143aa0b39b11a9f369552834ab04a1; Download | Favorite | View

Red Hat Security Advisory 2023-4313-01: Posted Jul 28, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4313-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | d6e56520302f2d64d01c51e0a97b335e8167485a0078f5e6c0f464e9f421a45d; Download | Favorite | View

Red Hat Security Advisory 2023-3714-01: Posted Jun 22, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3714-01 - PostgreSQL is an advanced object-relational database management system.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | 1980932e5150f22b5f57c035b3ff2943d17686a6d61283f8449cf87085fa2a42; Download | Favorite | View

Ubuntu Security Notice USN-6104-1: Posted May 25, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6104-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security policies. An authenticated user could possibly use this issue to complete otherwise forbidden reads and modifications.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | 87aa4a75c2584ff4230215d084b97a2b13caf7a8c4f0ef083f04b56d6bfa60b5; Download | Favorite | View

Debian Security Advisory 5401-1: Posted May 12, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5401-1 - Two security issues were found in PostgreSQL, which may result in privilege escalation or incorrect policy enforcement.; tags | advisory; systems | linux, debian; advisories | CVE-2023-2454, CVE-2023-2455; SHA-256 | d02fe1a401fd6e938001864d290bf3d1d3745fb779eaa491b72c63b5b6668160; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 61 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
nu11secur1ty 7 files
malvuln 5 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,745)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,490)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2023-2455

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems