FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
4b636f50-f011-11ed-bbae-6cc21735f730 | postgresql-server -- Row security policies disregard user ID changes after inlining
PostgreSQL Project reports:
While CVE-2016-2193 fixed most interaction between row security and
user ID changes, it missed a scenario involving function
inlining. This leads to potentially incorrect policies being
applied in cases where role-specific policies are used and a
given query is planned under one role and then executed under
other roles. This scenario can happen under security definer
functions or when a common user and query is planned
initially and then re-used across multiple SET ROLEs.
Applying an incorrect policy may permit a user to complete
otherwise-forbidden reads and modifications. This affects
only databases that have used CREATE POLICY to define a row
security policy.
Discovery: 2023-05-11
Entry: 2023-05-11
postgresql-server
< 15.3
< 14.8
< 13.11
< 12.15
< 11.20
CVE-2023-2455
https://www.postgresql.org/support/security/CVE-2023-2455/
|