Bug 906148 (CVE-2023-2454, CVE-2023-2455) - <dev-db/postgresql-{11.20:11,12.15:12,13.11:13:14.8:14,15.3:15}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-2454, CVE-2023-2455
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.postgresql.org/about/news...
Whiteboard: B3 [noglsa]
Depends on: 906149
Reported: 2023-05-11 14:47 UTC by Patrick Lauer
Modified: 2023-09-17 12:54 UTC
Description Patrick Lauer gentoo-dev 2023-05-11 14:47:55 UTC
Affected versions: <11.20, <12.15, <13.11, <14.8, <15.3

CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes.

Versions Affected: 11 - 15. The security team typically does not test unsupported versions, but this problem is quite old.

This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.

The PostgreSQL project thanks Alexander Lakhin for reporting this problem.

CVE-2023-2455: Row security policies disregard user ID changes after inlining.

Versions Affected: 11 - 15. The security team typically does not test unsupported versions, but this problem is quite old.

While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

The PostgreSQL project thanks Wolfgang Walther for reporting this problem.
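An exposure audit for the two issues described above, as an added example that is not part of the original bug report or of PostgreSQL's advisory. It uses only standard system catalogs and is meant to be run in psql as a superuser; the second and third queries are per-database, and the column aliases are this example's own.

```sql
-- Added example: audit exposure to CVE-2023-2454 and CVE-2023-2455.

-- 1. Running version. Per the report, the fixed releases are
--    11.20, 12.15, 13.11, 14.8 and 15.3.
SHOW server_version;

-- 2. CVE-2023-2454: non-superuser roles that hold database-level CREATE
--    (directly, through ownership, or through role membership).
SELECT d.datname,
       r.rolname,
       (d.datdba = r.oid) AS is_owner,
       r.rolcanlogin
FROM pg_database AS d
CROSS JOIN pg_roles AS r
WHERE d.datallowconn
  AND NOT r.rolsuper
  AND has_database_privilege(r.oid, d.oid, 'CREATE')
ORDER BY d.datname, r.rolname;

-- 3. CVE-2023-2455: row security policies in the current database.
--    Only databases that have used CREATE POLICY are affected; policies
--    limited to specific roles (anything other than PUBLIC) are the ones
--    whose result depends on which role the query was planned under.
SELECT schemaname,
       tablename,
       policyname,
       cmd,
       roles,
       (roles <> ARRAY['public']::name[]) AS role_specific
FROM pg_policies
ORDER BY role_specific DESC, schemaname, tablename, policyname;
```

An empty result from the third query in every database means CVE-2023-2455 does not apply to that cluster; rows from the second query show which accounts should be reviewed until the fixed version is installed.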
Comment 1 Patrick Lauer gentoo-dev 2023-05-11 14:52:55 UTC
Stabilization in #906149
Comment 2 Hans de Graaff gentoo-dev Security 2023-09-03 12:11:41 UTC
GLSA vote: no.