CVE-2023-2455

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2455

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2455.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2455

Aliases

BIT-postgresql-2023-2455

Downstream

ALPINE-CVE-2023-2455

DEBIAN-CVE-2023-2455

DLA-3422-1

DSA-5401-1

OESA-2023-1567

OESA-2023-1568

OESA-2023-1569

RHSA-2023:3714

RHSA-2023:4313

RHSA-2023:4327

RHSA-2023:4527

RHSA-2023:4535

RHSA-2023:4539

RHSA-2023:5269

RHSA-2023:7545

RHSA-2023:7580

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7772

RLSA-2023:4327

SUSE-SU-2023:2198-1

SUSE-SU-2023:2199-1

SUSE-SU-2023:2200-1

SUSE-SU-2023:2201-1

SUSE-SU-2023:2202-1

SUSE-SU-2023:2205-1

SUSE-SU-2023:2206-1

SUSE-SU-2023:2207-1

SUSE-SU-2023:2219-1

UBUNTU-CVE-2023-2455

USN-6104-1

openSUSE-SU-2024:12929-1

openSUSE-SU-2024:12930-1

openSUSE-SU-2024:12931-1

openSUSE-SU-2024:12932-1

openSUSE-SU-2024:12933-1

openSUSE-SU-2024:14360-1

Related

Published

2023-06-09T19:15:09Z

Modified

2025-01-06T18:15:13Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

References

Affected packages