Vulnerability details: VCID-dqcu-ceuq-wbb7
Vulnerability ID VCID-dqcu-ceuq-wbb7
Aliases CVE-2023-39418
Summary MERGE fails to enforce UPDATE or SELECT row security policies
Status Published
Exploitability 0.5
Weighted Severity 2.8
Risk 1.4
System Score Found at
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7785
ssvc Track https://access.redhat.com/errata/RHSA-2023:7785
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7883
ssvc Track https://access.redhat.com/errata/RHSA-2023:7883
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7884
ssvc Track https://access.redhat.com/errata/RHSA-2023:7884
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7885
ssvc Track https://access.redhat.com/errata/RHSA-2023:7885
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
cvssv3.1 3.1 https://access.redhat.com/security/cve/CVE-2023-39418
ssvc Track https://access.redhat.com/security/cve/CVE-2023-39418
epss 0.00439 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
cvssv3.1 3.1 https://bugzilla.redhat.com/show_bug.cgi?id=2228112
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2228112
cvssv3.1 4.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.1 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
ssvc Track https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
cvssv3 3.1 https://www.postgresql.org/support/security/CVE-2023-39418/
cvssv3.1 3.1 https://www.postgresql.org/support/security/CVE-2023-39418/
ssvc Track https://www.postgresql.org/support/security/CVE-2023-39418/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39418
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
https://www.postgresql.org/support/security/CVE-2023-39418/
2228112 https://bugzilla.redhat.com/show_bug.cgi?id=2228112
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_software_collections:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_software_collections:3
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2023-39418 https://access.redhat.com/security/cve/CVE-2023-39418
?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785
RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883
RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884
RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885
USN-6296-1 https://usn.ubuntu.com/6296-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7785
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7785
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7883
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7883
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7884
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7884
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7885
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7885
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2023-39418
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/security/cve/CVE-2023-39418
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2228112
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2228112
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://www.postgresql.org/support/security/CVE-2023-39418/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://www.postgresql.org/support/security/CVE-2023-39418/
Exploit Prediction Scoring System (EPSS)
Percentile 0.63088
EPSS Score 0.00439
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:35:51.408280+00:00 PostgreSQL Importer Import https://www.postgresql.org/support/security/CVE-2023-39418 38.0.0