Vulnerability details: VCID-x1aj-681s-aaah
Vulnerability ID VCID-x1aj-681s-aaah
Aliases CVE-2023-39418
Summary A vulnerability was found in PostgreSQL's MERGE command, which fails to test new rows against the row security policies defined for UPDATE and SELECT. If the UPDATE and SELECT policies forbid some rows that the INSERT policies do not forbid, a user could store such rows.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7785
ssvc Track https://access.redhat.com/errata/RHSA-2023:7785
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7883
ssvc Track https://access.redhat.com/errata/RHSA-2023:7883
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7884
ssvc Track https://access.redhat.com/errata/RHSA-2023:7884
cvssv3.1 3.1 https://access.redhat.com/errata/RHSA-2023:7885
ssvc Track https://access.redhat.com/errata/RHSA-2023:7885
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
cvssv3.1 3.1 https://access.redhat.com/security/cve/CVE-2023-39418
ssvc Track https://access.redhat.com/security/cve/CVE-2023-39418
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
epss 0.00439 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
epss 0.01354 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
epss 0.02039 https://api.first.org/data/v1/epss?cve=CVE-2023-39418
cvssv3.1 3.1 https://bugzilla.redhat.com/show_bug.cgi?id=2228112
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2228112
cvssv3.1 4.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.1 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
ssvc Track https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-39418
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-39418
cvssv3 3.1 https://www.postgresql.org/support/security/CVE-2023-39418/
cvssv3.1 3.1 https://www.postgresql.org/support/security/CVE-2023-39418/
ssvc Track https://www.postgresql.org/support/security/CVE-2023-39418/
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
https://access.redhat.com/security/cve/CVE-2023-39418
https://api.first.org/data/v1/epss?cve=CVE-2023-39418
https://bugzilla.redhat.com/show_bug.cgi?id=2228112
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
https://security.netapp.com/advisory/ntap-20230915-0002/
https://www.debian.org/security/2023/dsa-5553
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
https://www.postgresql.org/support/security/CVE-2023-39418/
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_software_collections:3 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_software_collections:3
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2023-39418 https://nvd.nist.gov/vuln/detail/CVE-2023-39418
USN-6296-1 https://usn.ubuntu.com/6296-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7785
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7785
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7883
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7883
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7884
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7884
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2023:7885
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/errata/RHSA-2023:7885
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39418.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2023-39418
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://access.redhat.com/security/cve/CVE-2023-39418
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2228112
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2228112
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39418
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39418
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://www.postgresql.org/support/security/CVE-2023-39418/
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-19T19:31:10Z/ Found at https://www.postgresql.org/support/security/CVE-2023-39418/
Exploit Prediction Scoring System (EPSS)
Percentile 0.71449
EPSS Score 0.00328
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.