VDB

CISA-2023-39418

CISA-2023-39418 PUBLISHED CVSS 3.1 LOW

Reported by redhat · Published August 11, 2023

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

Risk Scores

CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 88090020231114113548.a75119d5
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020231113134015.63b34585
Red HatRed Hat Enterprise Linux 99030020231120082734.rhel9
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support9020020231115020618.rhel9
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Software Collections
Red HatRed Hat Software Collections
Red HatRed Hat Software Collections
Red HatRed Hat Enterprise Linux 99030020231120082734.rhel9, 9030020231120082734.rhel9
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Software Collections
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 88090020231114113548.a75119d5, *
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 8

…and 6 more

Timeline

  • Aug 11, 2023 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›