Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2455

EPSS 0.23% · P45
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-2455

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PostgreSQL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL 11版本至15版本存在安全漏洞,该漏洞源于应用不正确的策略,允许远程用户绕过实施的安全限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-postgresql PostgreSQL 15.3, PostgreSQL 14.8, PostgreSQL 13.11, PostgreSQL 12.15, PostgreSQL 11.20 -

II. Public POCs for CVE-2023-2455

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-2455

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-06-09 · 24 CVEs total

CVE-2023-29755Urbandroid Twilight 安全漏洞
CVE-2023-34363Progress Software DataDirect Connect 安全特征问题漏洞
CVE-2023-34364Progress Software DataDirect Connect 缓冲区错误漏洞
CVE-2023-29712Vade Secure Gateway 跨站脚本漏洞
CVE-2023-30262MIM Software 代码问题漏洞
CVE-2023-33557FUEL CMS SQL注入漏洞
CVE-2023-27706Bitwarden 安全漏洞
CVE-2023-29713Vade Secure Gateway 跨站脚本漏洞
CVE-2023-29714Vade Secure Gateway 跨站脚本漏洞
CVE-2023-2454PostgreSQL 安全漏洞
CVE-2023-29749Yandex Navigator 安全漏洞
CVE-2023-29752Facemoji Emoji Keyboard 安全漏洞
CVE-2023-29753Facemoji Emoji Keyboard 安全漏洞
CVE-2023-29756Urbandroid Twilight 安全漏洞
CVE-2023-29757Leap Apps Group Blue Light Filter 安全漏洞
CVE-2023-29758Leap Apps Group Blue Light Filter 安全漏洞
CVE-2023-29759flightaware 安全漏洞
CVE-2023-29761Urbandroid Sleep 安全漏洞
CVE-2023-29766CrossX 安全漏洞
CVE-2023-29767CrossX 资源管理错误漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: postgresql
Same vendor: n/a
Same weakness: CWE-20

V. Comments for CVE-2023-2455

No comments yet

Leave a comment