Test Kennung:	1.3.6.1.4.1.25623.1.0.150852
Kategorie:	Databases
Titel:	PostgreSQL 15.x < 15.4 MERGE Vulnerability - Linux
Zusammenfassung:	PostgreSQL is prone to a vulnerability in the MERGE command.
Beschreibung:	Summary: PostgreSQL is prone to a vulnerability in the MERGE command. Vulnerability Insight: PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences are application-dependent. This affects only databases that have used CREATE POLICY to define a row security policy. Affected Software/OS: PostgreSQL version 15.x prior to 15.4. Solution: Update to version 15.4 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-39418 RHBZ#2228112 https://bugzilla.redhat.com/show_bug.cgi?id=2228112 RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785 RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883 RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884 RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885 https://access.redhat.com/security/cve/CVE-2023-39418 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 https://security.netapp.com/advisory/ntap-20230915-0002/ https://www.debian.org/security/2023/dsa-5553 https://www.postgresql.org/support/security/CVE-2023-39418/
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.