cvelistv5 - CVE-2023-23554

CVE-2023-23554 (GCVE-0-2023-23554)

Vulnerability from cvelistv5 – Published: 2023-03-07 00:00 – Updated: 2025-03-06 16:48

Summary

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Uncontrolled search path element

Assigner

jpcert

References

URL

Tags

	https://github.com/sraoss/pg_ivm
	https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1
	https://jvn.jp/en/jp/JVN19872280/

Impacted products

	Vendor	Product	Version
	IVM Development Group	pg_ivm	Affected: versions prior to 1.5.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sraoss/pg_ivm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN19872280/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-06T16:48:45.771354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-427",
                "description": "CWE-427 Uncontrolled Search Path Element",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-06T16:48:50.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pg_ivm",
          "vendor": "IVM Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to 1.5.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uncontrolled search path element",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-07T00:00:00.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://github.com/sraoss/pg_ivm"
        },
        {
          "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN19872280/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-23554",
    "datePublished": "2023-03-07T00:00:00.000Z",
    "dateReserved": "2023-02-28T00:00:00.000Z",
    "dateUpdated": "2025-03-06T16:48:50.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*\", \"versionEndExcluding\": \"1.5.1\", \"matchCriteriaId\": \"F63AF103-5E29-464C-AA20-A9063C05FDA6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.\"}]",
      "id": "CVE-2023-23554",
      "lastModified": "2024-11-21T07:46:24.613",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-03-07T01:15:10.363",
      "references": "[{\"url\": \"https://github.com/sraoss/pg_ivm\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN19872280/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/sraoss/pg_ivm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN19872280/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23554\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-03-07T01:15:10.363\",\"lastModified\":\"2025-03-06T17:15:16.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*\",\"versionEndExcluding\":\"1.5.1\",\"matchCriteriaId\":\"F63AF103-5E29-464C-AA20-A9063C05FDA6\"}]}]}],\"references\":[{\"url\":\"https://github.com/sraoss/pg_ivm\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jvn.jp/en/jp/JVN19872280/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/sraoss/pg_ivm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jvn.jp/en/jp/JVN19872280/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/sraoss/pg_ivm\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN19872280/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:33.199Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23554\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-06T16:48:45.771354Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427 Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-06T16:48:41.245Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"IVM Development Group\", \"product\": \"pg_ivm\", \"versions\": [{\"status\": \"affected\", \"version\": \"versions prior to 1.5.1\"}]}], \"references\": [{\"url\": \"https://github.com/sraoss/pg_ivm\"}, {\"url\": \"https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1\"}, {\"url\": \"https://jvn.jp/en/jp/JVN19872280/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Uncontrolled search path element\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2023-03-07T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-23554\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-06T16:48:50.808Z\", \"dateReserved\": \"2023-02-28T00:00:00.000Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2023-03-07T00:00:00.000Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-JWQX-Q9H3-4Q35

Vulnerability from github – Published: 2023-03-07 03:30 – Updated: 2025-03-06 18:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-23554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-07T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.",
  "id": "GHSA-jwqx-q9h3-4q35",
  "modified": "2025-03-06T18:30:50Z",
  "published": "2023-03-07T03:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sraoss/pg_ivm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN19872280"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-23554

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-23554

Aliases

CVE-2023-23554

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-23554",
    "id": "GSD-2023-23554"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-23554"
      ],
      "details": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.",
      "id": "GSD-2023-23554",
      "modified": "2023-12-13T01:20:50.197986Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2023-23554",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "pg_ivm",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "versions prior to 1.5.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IVM Development Group"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Uncontrolled search path element"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/sraoss/pg_ivm",
            "refsource": "MISC",
            "url": "https://github.com/sraoss/pg_ivm"
          },
          {
            "name": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1",
            "refsource": "MISC",
            "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN19872280/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN19872280/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2023-23554"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sraoss/pg_ivm",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "https://github.com/sraoss/pg_ivm"
            },
            {
              "name": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN19872280/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN19872280/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-14T15:54Z",
      "publishedDate": "2023-03-07T01:15Z"
    }
  }
}

CERTFR-2023-AVI-0186

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans PostgreSQL. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PostgreSQL	N/A	pg_ivm versions antérieures à 1.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité PostgreSQL du 02 mars 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "pg_ivm versions ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23554"
    },
    {
      "name": "CVE-2023-22847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22847"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0186",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PostgreSQL. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PostgreSQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PostgreSQL du 02 mars 2023",
      "url": "https://www.postgresql.org/about/news/pg_ivm-151-security-update-release-2603/"
    }
  ]
}

CERTFR-2023-AVI-0186

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PostgreSQL	N/A	pg_ivm versions antérieures à 1.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité PostgreSQL du 02 mars 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "pg_ivm versions ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PostgreSQL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23554"
    },
    {
      "name": "CVE-2023-22847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22847"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0186",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PostgreSQL. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PostgreSQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PostgreSQL du 02 mars 2023",
      "url": "https://www.postgresql.org/about/news/pg_ivm-151-security-update-release-2603/"
    }
  ]
}

JVNDB-2023-000023

Vulnerability from jvndb - Published: 2023-03-06 15:22 - Updated:2024-06-10 16:41

Severity ?

5.4 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

Multiple vulnerabilities in PostgreSQL extension module pg_ivm

Details

pg_ivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pg_ivm contains multiple vulnerabilities listed below.

Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2023-22847 An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to.

Uncontrolled search path element (CWE-427) - CVE-2023-23554 When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege.

IVM Development Group reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and IVM Development Group coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN19872280/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-22847
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-23554
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22847
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-23554
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

IVM Development Group

pg_ivm

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000023.html",
  "dc:date": "2024-06-10T16:41+09:00",
  "dcterms:issued": "2023-03-06T15:22+09:00",
  "dcterms:modified": "2024-06-10T16:41+09:00",
  "description": "pg_ivm provided by IVM Development Group is a PostgreSQL extension module that provides incremental view maintenance functionality of materialized views. pg_ivm contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eExposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2023-22847\r\nAn Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to.\u003c/ul\u003e\r\n\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2023-23554\r\nWhen refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege.\u003c/ul\u003e\r\n\r\nIVM Development Group reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and IVM Development Group coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000023.html",
  "sec:cpe": {
    "#text": "cpe:/a:sraoss:pg_ivm",
    "@product": "pg_ivm",
    "@vendor": "IVM Development Group",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000023",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN19872280/index.html",
      "@id": "JVN#19872280",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22847",
      "@id": "CVE-2023-22847",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23554",
      "@id": "CVE-2023-23554",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22847",
      "@id": "CVE-2023-22847",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23554",
      "@id": "CVE-2023-23554",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in PostgreSQL extension module pg_ivm"
}

FKIE_CVE-2023-23554

Vulnerability from fkie_nvd - Published: 2023-03-07 01:15 - Updated: 2025-03-06 17:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://github.com/sraoss/pg_ivm	Product
vultures@jpcert.or.jp	https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1	Release Notes
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN19872280/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sraoss/pg_ivm	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN19872280/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	sraoss	pg_ivm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sraoss:pg_ivm:*:*:*:*:*:postgresql:*:*",
              "matchCriteriaId": "F63AF103-5E29-464C-AA20-A9063C05FDA6",
              "versionEndExcluding": "1.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner\u0027s privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner."
    }
  ],
  "id": "CVE-2023-23554",
  "lastModified": "2025-03-06T17:15:16.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-03-07T01:15:10.363",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/sraoss/pg_ivm"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN19872280/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/sraoss/pg_ivm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN19872280/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-23554 (GCVE-0-2023-23554)

GHSA-JWQX-Q9H3-4Q35

GSD-2023-23554

CERTFR-2023-AVI-0186

Solution

CERTFR-2023-AVI-0186

Solution

JVNDB-2023-000023

FKIE_CVE-2023-23554

Tags

Sightings

Nomenclature