CVE-2023-2455

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Jun 9, 2023
Updated: Jan 6, 2025
CWE ID: 20

Summary

CVE-2023-2455 is a vulnerability in PostgreSQL affecting databases that use row security policies created with the CREATE POLICY command. The issue arises because user ID changes are disregarded during inlining, so the wrong policies can be applied in certain cases: a query is planned under one role and then executed under another, which happens in particular with security definer functions or with common queries reused across multiple SET ROLE changes. The consequence is that unauthorized users may gain permissions to perform otherwise-forbidden reads and modifications.



Affected Products

  • PostgreSQL
  • Red Hat Enterprise Linux
  • Fedora Operating System

Affected Vendors

  • PostgreSQL Global Development Group
  • Red Hat
  • Fedora Project