A vulnerability was found in PostgreSQL's MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
History

Fri, 06 Dec 2024 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220

Tue, 03 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 12:00:00 +0000


Mon, 16 Sep 2024 16:30:00 +0000


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-08-11T12:19:15.819Z

Updated: 2024-12-06T11:12:05.716Z

Reserved: 2023-08-01T09:31:02.842Z

Link: CVE-2023-39418

Vulnrichment

Updated: 2024-08-02T18:10:20.651Z

NVD

Status: Modified

Published: 2023-08-11T13:15:09.963

Modified: 2024-12-06T11:15:06.723

Link: CVE-2023-39418

Redhat

Severity: Low

Public Date: 2023-08-10T00:00:00Z

Links: CVE-2023-39418 - Bugzilla