VDB
CISA-2023-39418
CISA-2023-39418
PUBLISHED
CVSS 3.1 LOW
Reported by redhat · Published August 11, 2023
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
Risk Scores
CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231114113548.a75119d5 |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231113134015.63b34585 |
| Red Hat | Red Hat Enterprise Linux 9 | 9030020231120082734.rhel9 |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 9020020231115020618.rhel9 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat Enterprise Linux 9 | 9030020231120082734.rhel9, 9030020231120082734.rhel9 |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Software Collections | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231114113548.a75119d5, * |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 8 |
…and 6 more
Timeline
- Aug 11, 2023 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Distribution Patch
References
- RHSA-2023:7785 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:7883 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:7884 vendor-advisoryx_refsource_REDHAT
- RHSA-2023:7885 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2228112 issue-trackingx_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20230915-0002/ url
- https://www.debian.org/security/2023/dsa-5553 url