FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4b636f50-f011-11ed-bbae-6cc21735f730	postgresql-server -- Row security policies disregard user ID changes after inlining PostgreSQL Project reports While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. Discovery 2023-05-11 Entry 2023-05-11 postgresql-server < 15.3 < 14.8 < 13.11 < 12.15 < 11.20 CVE-2023-2455 https://www.postgresql.org/support/security/CVE-2023-2455/

VuXML ID

Description

4b636f50-f011-11ed-bbae-6cc21735f730

postgresql-server -- Row security policies disregard user ID changes after inlining

PostgreSQL Project reports

While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Discovery 2023-05-11
Entry 2023-05-11
postgresql-server

< 15.3

< 14.8

< 13.11

< 12.15

< 11.20

CVE-2023-2455
https://www.postgresql.org/support/security/CVE-2023-2455/