CVE-2023-39418 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
redhat	CNA	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
postgresql	postgresql	15.0 ≤ 𝑥 < 15.4
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
debian	debian_linux	12.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

postgresql-13

bullseye	13.16-0+deb11u1 fixed
bullseye (security)	13.18-0+deb11u1 fixed

postgresql-15

bookworm	15.8-0+deb12u1 fixed
bookworm (security)	15.10-0+deb12u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

bionic	not-affected
focal	dne
jammy	dne
lunar	dne
mantic	dne
trusty	dne
xenial	dne

postgresql-12

bionic	dne
focal	not-affected
jammy	dne
lunar	dne
mantic	dne
trusty	ignored
xenial	dne

postgresql-14

bionic	dne
focal	dne
jammy	not-affected
lunar	dne
mantic	dne
trusty	dne
xenial	dne

postgresql-15

bionic	ignored
focal	dne
jammy	dne
lunar	Fixed 15.4-0ubuntu0.23.04.1 released
mantic	Fixed 15.4-1ubuntu1 released
trusty	ignored
xenial	ignored

postgresql-9.1

bionic	dne
focal	dne
jammy	dne
lunar	dne
mantic	dne
trusty	ignored
xenial	dne

postgresql-9.3

bionic	dne
focal	dne
jammy	dne
lunar	dne
mantic	dne
trusty	not-affected
xenial	dne

postgresql-9.5

bionic	dne
focal	dne
jammy	dne
lunar	dne
mantic	dne
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-1220 - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

References

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/security/cve/CVE-2023-39418

https://bugzilla.redhat.com/show_bug.cgi?id=2228112

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229

https://www.postgresql.org/support/security/CVE-2023-39418/