Databases : PostgreSQL 15.x < 15.4 MERGE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.150852

Categoría: Databases

Título: PostgreSQL 15.x < 15.4 MERGE Vulnerability - Linux

Resumen: PostgreSQL is prone to a vulnerability in the MERGE command.

Descripción: Summary:
PostgreSQL is prone to a vulnerability in the MERGE command.

Vulnerability Insight:
PostgreSQL 15 introduced the MERGE command, which fails to test
new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT
policies forbid some row that INSERT policies do not forbid, a user could store such rows.
Subsequent consequences are application-dependent. This affects only databases that have used
CREATE POLICY to define a row security policy.

Affected Software/OS:
PostgreSQL version 15.x prior to 15.4.

Solution:
Update to version 15.4 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-39418
RHBZ#2228112
https://bugzilla.redhat.com/show_bug.cgi?id=2228112
RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7785
RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7883
RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7884
RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/security/cve/CVE-2023-39418
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.debian.org/security/2023/dsa-5553
https://www.postgresql.org/support/security/CVE-2023-39418/

Copyright Copyright (C) 2023 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.150852
Categoría:	Databases
Título:	PostgreSQL 15.x < 15.4 MERGE Vulnerability - Linux
Resumen:	PostgreSQL is prone to a vulnerability in the MERGE command.
Descripción:	Summary: PostgreSQL is prone to a vulnerability in the MERGE command. Vulnerability Insight: PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences are application-dependent. This affects only databases that have used CREATE POLICY to define a row security policy. Affected Software/OS: PostgreSQL version 15.x prior to 15.4. Solution: Update to version 15.4 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-39418 RHBZ#2228112 https://bugzilla.redhat.com/show_bug.cgi?id=2228112 RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785 RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883 RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884 RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885 https://access.redhat.com/security/cve/CVE-2023-39418 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 https://security.netapp.com/advisory/ntap-20230915-0002/ https://www.debian.org/security/2023/dsa-5553 https://www.postgresql.org/support/security/CVE-2023-39418/
Copyright	Copyright (C) 2023 Greenbone AG