ALPINE-CVE-2023-2455

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2023-2455
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2023-2455
Upstream
Published
2023-06-09T19:15:09.313Z
Modified
2026-06-15T18:27:21.858889129Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

References

Affected packages

Alpine:v3.13
postgresql

Package

Name
postgresql
Purl
pkg:apk/alpine/postgresql?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.11-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.14
postgresql

Package

Name
postgresql
Purl
pkg:apk/alpine/postgresql?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.11-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.15
postgresql13

Package

Name
postgresql13
Purl
pkg:apk/alpine/postgresql13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.11-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.8-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.16
postgresql13

Package

Name
postgresql13
Purl
pkg:apk/alpine/postgresql13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.11-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.8-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.17
postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.8-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.3-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.18
postgresql14

Package

Name
postgresql14
Purl
pkg:apk/alpine/postgresql14?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.8-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.3-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.19
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.3-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"
Alpine:v3.20
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.3-r0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-2455.json"