vulnerability

Amazon Linux AMI 2: CVE-2023-2455: Security patch for postgresql (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Jun 9, 2023
Added
Sep 28, 2023
Modified
Mar 3, 2025

Description

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Solution(s)

amazon-linux-ami-2-upgrade-postgresqlamazon-linux-ami-2-upgrade-postgresql-contribamazon-linux-ami-2-upgrade-postgresql-debuginfoamazon-linux-ami-2-upgrade-postgresql-develamazon-linux-ami-2-upgrade-postgresql-docsamazon-linux-ami-2-upgrade-postgresql-libsamazon-linux-ami-2-upgrade-postgresql-llvmjitamazon-linux-ami-2-upgrade-postgresql-plperlamazon-linux-ami-2-upgrade-postgresql-plpythonamazon-linux-ami-2-upgrade-postgresql-plpython2amazon-linux-ami-2-upgrade-postgresql-plpython3amazon-linux-ami-2-upgrade-postgresql-pltclamazon-linux-ami-2-upgrade-postgresql-private-develamazon-linux-ami-2-upgrade-postgresql-private-libsamazon-linux-ami-2-upgrade-postgresql-serveramazon-linux-ami-2-upgrade-postgresql-server-develamazon-linux-ami-2-upgrade-postgresql-staticamazon-linux-ami-2-upgrade-postgresql-testamazon-linux-ami-2-upgrade-postgresql-test-rpm-macrosamazon-linux-ami-2-upgrade-postgresql-upgradeamazon-linux-ami-2-upgrade-postgresql-upgrade-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today