Vulnerability Description
An information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sraoss | pg_ivm | < 1.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/sraoss/pg_ivm (Product)
- https://github.com/sraoss/pg_ivm/releases/tag/v1.5.1 (Release Notes)
- https://jvn.jp/en/jp/JVN19872280/ (Third Party Advisory)
FAQ
What is CVE-2023-22847?
CVE-2023-22847 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that th...
How severe is CVE-2023-22847?
CVE-2023-22847 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-22847?
Check the references section above for vendor advisories and patch information. Affected products include: Sraoss pg_ivm.