CVE-2023-39418
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Aug 11, 2023
Updated: Feb 16, 2024
Summary
CVE-2023-39418 is a vulnerability affecting PostgreSQL. The issue stems from a flaw in the MERGE command, which fails to enforce row security policies during updates. Specifically, if UPDATE and SELECT policies restrict certain rows but INSERT policies do not, a user can bypass these restrictions and insert unauthorized data. This could lead to security breaches and unintended data modifications in tables that rely on row security policies. Users of PostgreSQL should apply the necessary patches or upgrades to mitigate this vulnerability.
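To find tables worth reviewing for the policy mismatch described in the summary, the following audit query is an added example, not part of the original advisory. It assumes only the standard `pg_policies`, `pg_class` and `pg_namespace` catalogs, and it is a heuristic: it flags candidates for manual comparison of the policy expressions and does not prove exposure.

```sql
-- Added audit query (not from the advisory).
-- Lists tables with row security enabled that have BOTH:
--   * at least one policy that can admit a new row (cmd INSERT or ALL), and
--   * at least one policy scoped only to SELECT or UPDATE.
-- Those are the tables where SELECT/UPDATE rules can be stricter than
-- the INSERT rules, which is the precondition the summary describes.
WITH pol AS (
    SELECT schemaname,
           tablename,
           count(*) FILTER (WHERE cmd IN ('INSERT', 'ALL'))    AS insert_capable,
           count(*) FILTER (WHERE cmd IN ('SELECT', 'UPDATE')) AS select_update_only,
           string_agg(
               format('%s [%s, %s]', policyname, cmd, permissive),
               '; ' ORDER BY policyname
           ) AS policies
    FROM pg_policies
    GROUP BY schemaname, tablename
)
SELECT n.nspname             AS schema_name,
       c.relname             AS table_name,
       c.relforcerowsecurity AS forced_for_owner,
       pol.policies
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pol ON pol.schemaname = n.nspname
        AND pol.tablename  = c.relname
WHERE c.relrowsecurity              -- row security is enabled on the table
  AND pol.insert_capable > 0
  AND pol.select_update_only > 0
ORDER BY schema_name, table_name;
```

For each table returned, compare the `WITH CHECK` expression of the INSERT-capable policies against the SELECT and UPDATE policies (the `qual` and `with_check` columns of `pg_policies`) and prioritize patching servers where they differ.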
Affected Products
- Red Hat Enterprise Linux
- PostgreSQL
- Debian
Affected Vendors
- PostgreSQL
- Red Hat
- Debian