๐Ÿ” CVE Alert

CVE-2023-39418

LOW 3.1

PostgreSQL: MERGE fails to enforce UPDATE or SELECT row security policies

CVSS Score: 3.1
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CWE: CWE-1220
Vendor: Red Hat
Product: Red Hat Enterprise Linux 8
Published: Aug 11, 2023
Last Updated: Nov 21, 2025

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat Software Collections
All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7785
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7883
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7884
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7885
access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-39418
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2228112
git.postgresql.org: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
postgresql.org: https://www.postgresql.org/support/security/CVE-2023-39418/
security.netapp.com: https://security.netapp.com/advisory/ntap-20230915-0002/
debian.org: https://www.debian.org/security/2023/dsa-5553