CVE-2023-39417 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Vendor	Product	Version
postgresql	postgresql	11.0 ≤ 𝑥 < 11.21
postgresql	postgresql	12.0 ≤ 𝑥 < 12.16
postgresql	postgresql	13.0 ≤ 𝑥 < 13.12
postgresql	postgresql	14.0 ≤ 𝑥 < 14.9
postgresql	postgresql	15.0 ≤ 𝑥 < 15.4
redhat	software_collections	-
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
debian	debian_linux	8.0
debian	debian_linux	11.0
debian	debian_linux	12.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

postgresql-13

bullseye	13.16-0+deb11u1 fixed
bullseye (security)	13.18-0+deb11u1 fixed

postgresql-15

bookworm	15.8-0+deb12u1 fixed
bookworm (security)	15.10-0+deb12u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	needs-triage
xenial	dne
trusty	dne

postgresql-12

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	Fixed 12.16-0ubuntu0.20.04.1 released
bionic	dne
xenial	dne
trusty	ignored

postgresql-14

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	Fixed 14.9-0ubuntu0.22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

postgresql-15

oracular	dne
noble	dne
mantic	Fixed 15.4-1ubuntu1 released
lunar	Fixed 15.4-0ubuntu0.23.04.1 released
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	ignored

postgresql-9.1

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	ignored

postgresql-9.3

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	ignored

postgresql-9.5

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	dne
xenial	Fixed 9.5.25-0ubuntu0.16.04.1+esm5 released
trusty	dne

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

https://access.redhat.com/errata/RHSA-2023:7545

https://access.redhat.com/errata/RHSA-2023:7579

https://access.redhat.com/errata/RHSA-2023:7580

https://access.redhat.com/errata/RHSA-2023:7581

https://access.redhat.com/errata/RHSA-2023:7616

https://access.redhat.com/errata/RHSA-2023:7656

https://access.redhat.com/errata/RHSA-2023:7666

https://access.redhat.com/errata/RHSA-2023:7667

https://access.redhat.com/errata/RHSA-2023:7694

https://access.redhat.com/errata/RHSA-2023:7695

https://access.redhat.com/errata/RHSA-2023:7714

https://access.redhat.com/errata/RHSA-2023:7770

https://access.redhat.com/errata/RHSA-2023:7772

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2024:0332

https://access.redhat.com/errata/RHSA-2024:0337

https://access.redhat.com/security/cve/CVE-2023-39417

https://bugzilla.redhat.com/show_bug.cgi?id=2228111

https://www.postgresql.org/support/security/CVE-2023-39417

https://access.redhat.com/errata/RHSA-2023:7545

https://access.redhat.com/errata/RHSA-2023:7579

https://access.redhat.com/errata/RHSA-2023:7580

https://access.redhat.com/errata/RHSA-2023:7581

https://access.redhat.com/errata/RHSA-2023:7616

https://access.redhat.com/errata/RHSA-2023:7656

https://access.redhat.com/errata/RHSA-2023:7666

https://access.redhat.com/errata/RHSA-2023:7667

https://access.redhat.com/errata/RHSA-2023:7694

https://access.redhat.com/errata/RHSA-2023:7695

https://access.redhat.com/errata/RHSA-2023:7714

https://access.redhat.com/errata/RHSA-2023:7770

https://access.redhat.com/errata/RHSA-2023:7772

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2024:0332

https://access.redhat.com/errata/RHSA-2024:0337

https://access.redhat.com/security/cve/CVE-2023-39417

https://bugzilla.redhat.com/show_bug.cgi?id=2228111

https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html

https://security.netapp.com/advisory/ntap-20230915-0002/

https://www.debian.org/security/2023/dsa-5553

https://www.debian.org/security/2023/dsa-5554

https://www.postgresql.org/support/security/CVE-2023-39417