CVE-2023-39418
PostgreSQL: MERGE fails to enforce UPDATE or SELECT row security policies
In short
PostgreSQL's MERGE command does not check the new rows it stores against the table's UPDATE and SELECT row security policies, so a user allowed to run MERGE could store rows that those policies are meant to block.
Technical detail
The MERGE command in PostgreSQL fails to enforce row-level security (RLS) policies defined for UPDATE and SELECT on new rows. An attacker with the privileges needed to run MERGE can therefore bypass row-level security and store rows that the UPDATE or SELECT policies would normally reject, provided the INSERT policies do not forbid them.
Summary generated and translated by AI from the official description.
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
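The condition the description gives (INSERT policies permit a row that the UPDATE and SELECT policies forbid) can be reproduced as a regression check against a server you administer, and the same setup shows the policy hardening that removes the gap whether or not the server is patched. The following SQL is an added example written for this page, not code from PostgreSQL or from the advisory; the role, table and policy names are constructed, and it assumes PostgreSQL 15 or later (the first release with MERGE).

```sql
-- Added example (not from the advisory): regression check for CVE-2023-39418
-- followed by the policy hardening that closes the gap. PostgreSQL 15+.
-- Role, table and policy names below are constructed for this example.

CREATE ROLE app_user NOLOGIN;
CREATE TABLE orders (
    id     int  PRIMARY KEY,
    owner  text NOT NULL,
    amount int  NOT NULL
);
GRANT SELECT, INSERT, UPDATE ON orders TO app_user;
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;

-- The configuration the advisory describes: the INSERT policy admits rows
-- (here, rows owned by someone else) that SELECT and UPDATE policies forbid.
CREATE POLICY orders_insert ON orders FOR INSERT TO app_user
    WITH CHECK (true);
CREATE POLICY orders_select ON orders FOR SELECT TO app_user
    USING (owner = current_user);
CREATE POLICY orders_update ON orders FOR UPDATE TO app_user
    USING (owner = current_user) WITH CHECK (owner = current_user);

-- Exercise MERGE's insert path as the restricted role. The source row has
-- no match in the target, so the WHEN NOT MATCHED action stores it.
SET ROLE app_user;
MERGE INTO orders AS o
USING (VALUES (1, 'someone_else', 100)) AS src(id, owner, amount)
    ON o.id = src.id
WHEN MATCHED THEN
    UPDATE SET amount = src.amount
WHEN NOT MATCHED THEN
    INSERT (id, owner, amount) VALUES (src.id, src.owner, src.amount);
RESET ROLE;

-- A patched server rejects the MERGE with a row-level security violation.
-- On an affected server the statement succeeds, and this query (run as the
-- table owner, who is not subject to the policies) returns the row that the
-- SELECT and UPDATE policies were meant to keep out:
SELECT * FROM orders WHERE owner <> 'app_user';

-- Hardening that does not depend on the server fix: make the INSERT policy
-- at least as strict as the SELECT and UPDATE policies, so no row exists
-- that INSERT admits but the other policies forbid.
DROP POLICY orders_insert ON orders;
CREATE POLICY orders_insert ON orders FOR INSERT TO app_user
    WITH CHECK (owner = current_user);
```

Run the script in psql with autocommit (the default) so that a rejected MERGE on a patched server does not abort the statements that follow it; on a patched server the check SELECT returns no rows either way, and after the hardened INSERT policy is in place the MERGE is rejected on affected servers too, since the inserted row then fails the INSERT policy itself.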
Affected products
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support
Red Hat · Red Hat Software Collections
References
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/security/cve/CVE-2023-39418
https://bugzilla.redhat.com/show_bug.cgi?id=2228112
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.debian.org/security/2023/dsa-5553
https://www.postgresql.org/support/security/CVE-2023-39418/