vulnerability

Red Hat: CVE-2023-2455: postgresql: row security policies disregard user ID changes after inlining. (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
2023-06-09
Added
2023-06-22
Modified
2025-03-27

Description

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Solution(s)

redhat-upgrade-pg_repackredhat-upgrade-pg_repack-debuginforedhat-upgrade-pg_repack-debugsourceredhat-upgrade-pgauditredhat-upgrade-pgaudit-debuginforedhat-upgrade-pgaudit-debugsourceredhat-upgrade-postgres-decoderbufsredhat-upgrade-postgres-decoderbufs-debuginforedhat-upgrade-postgres-decoderbufs-debugsourceredhat-upgrade-postgresqlredhat-upgrade-postgresql-contribredhat-upgrade-postgresql-contrib-debuginforedhat-upgrade-postgresql-debuginforedhat-upgrade-postgresql-debugsourceredhat-upgrade-postgresql-docsredhat-upgrade-postgresql-docs-debuginforedhat-upgrade-postgresql-plperlredhat-upgrade-postgresql-plperl-debuginforedhat-upgrade-postgresql-plpython3redhat-upgrade-postgresql-plpython3-debuginforedhat-upgrade-postgresql-pltclredhat-upgrade-postgresql-pltcl-debuginforedhat-upgrade-postgresql-private-develredhat-upgrade-postgresql-private-libsredhat-upgrade-postgresql-private-libs-debuginforedhat-upgrade-postgresql-serverredhat-upgrade-postgresql-server-debuginforedhat-upgrade-postgresql-server-develredhat-upgrade-postgresql-server-devel-debuginforedhat-upgrade-postgresql-staticredhat-upgrade-postgresql-testredhat-upgrade-postgresql-test-debuginforedhat-upgrade-postgresql-test-rpm-macrosredhat-upgrade-postgresql-upgraderedhat-upgrade-postgresql-upgrade-debuginforedhat-upgrade-postgresql-upgrade-develredhat-upgrade-postgresql-upgrade-devel-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.