CVE-2023-2455
PostgreSQL vulnerability analysis and mitigation

Overview

CVE-2023-2455 is a security vulnerability in PostgreSQL that affects databases using row security policies. The vulnerability was discovered and reported by Wolfgang Walther, with fixes released on May 11, 2023. The issue occurs when role-specific policies are used and a query is planned under one role but executed under different roles, which can happen in security definer functions or when queries are re-used across multiple SET ROLEs (PostgreSQL Security).

Technical details

The vulnerability stems from an incomplete fix for CVE-2016-2193, specifically in scenarios involving function inlining. When a query is planned under one role and later executed under a different role, the row security policies selected at planning time may no longer match the executing role, so the wrong policies are applied. This affects only databases that have implemented row security policies using CREATE POLICY. The vulnerability has been assigned a CVSS 3.1 base score of 5.4 (Medium) with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (NVD).

Impact

When exploited, this vulnerability could allow users to perform otherwise-forbidden read and modify operations on database rows. The impact is limited to databases that have specifically implemented row security policies, potentially compromising the intended access controls (PostgreSQL Security).

Mitigation and workarounds

Fixed versions were released on May 11, 2023, with patches available in PostgreSQL versions 15.3, 14.8, 13.11, 12.15, and 11.20. Users should upgrade to these or later versions to address the vulnerability (PostgreSQL Security).
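As an added example that is not part of the advisory or of PostgreSQL's own material, the following SQL shows what the role-specific policies described under Technical details look like in practice, and gives the inventory queries a DBA would run to judge exposure before applying the fixed versions listed above. The roles app_reader and app_writer, the orders table, the policy names and the inline_lookup function are assumed for illustration only.

```sql
-- Added example (not from the advisory). Assumed names: app_reader, app_writer,
-- orders, reader_sees_own, writer_all, inline_lookup.

-- 1. What "role-specific policies" means: policies created with a TO clause
--    naming particular roles rather than PUBLIC. Only databases with such
--    policies are in scope for CVE-2023-2455.
CREATE ROLE app_reader;
CREATE ROLE app_writer;

CREATE TABLE orders (
    id         integer PRIMARY KEY,
    owner_role name    NOT NULL,
    total      numeric NOT NULL
);
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;

-- Readers see only rows tagged with their own role name.
CREATE POLICY reader_sees_own ON orders
    FOR SELECT TO app_reader
    USING (owner_role = current_user);

-- Writers have unrestricted access; this is the second role-specific policy.
CREATE POLICY writer_all ON orders
    TO app_writer
    USING (true) WITH CHECK (true);

-- The advisory names SECURITY DEFINER functions as one context in which a
-- query can be planned under one role and executed under another. This is
-- the shape of such a function; it is shown so the inventory below is
-- meaningful, not as a test case.
CREATE FUNCTION inline_lookup(p_id integer) RETURNS numeric
    LANGUAGE sql SECURITY DEFINER
    AS $$ SELECT total FROM orders WHERE id = p_id $$;

-- 2. Exposure check: is this server at or past the fixed minor release?
--    server_version_num is major*10000 + minor, so 15.3 = 150003, 14.8 = 140008,
--    13.11 = 130011, 12.15 = 120015, 11.20 = 110020 (the versions in the advisory).
WITH v AS (SELECT current_setting('server_version_num')::int AS n)
SELECT current_setting('server_version') AS server_version,
       CASE n / 10000
           WHEN 15 THEN n >= 150003
           WHEN 14 THEN n >= 140008
           WHEN 13 THEN n >= 130011
           WHEN 12 THEN n >= 120015
           WHEN 11 THEN n >= 110020
           -- 16 and later shipped after the fix; 10 and earlier never received it.
           ELSE n >= 160000
       END AS has_cve_2023_2455_fix
FROM v;

-- 3. Inventory: every policy that is restricted to specific roles.
--    pg_policies.roles is '{public}' for policies with no TO clause.
SELECT schemaname, tablename, policyname, roles, cmd, permissive
FROM   pg_policies
WHERE  roles <> ARRAY['public']::name[]
ORDER  BY schemaname, tablename, policyname;

-- 4. Inventory: user-defined SECURITY DEFINER functions, the other ingredient
--    the advisory describes. Review each against the tables with RLS enabled.
SELECT n.nspname AS schema,
       p.proname AS function,
       pg_get_userbyid(p.proowner) AS owner,
       l.lanname AS language
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_language  l ON l.oid = p.prolang
WHERE  p.prosecdef
AND    n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER  BY 1, 2;
```

Run sections 2 to 4 as a superuser or a role with read access to the catalogs; a database that returns rows from both section 3 and section 4 and false from section 2 is the combination the advisory describes and should be upgraded first.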


Related PostgreSQL vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name                           CISA KEV exploit  Has fix  Published date
CVE-2025-8715   HIGH      8.8    PostgreSQL    postgresql17-private-libs                No                Yes      Aug 14, 2025
CVE-2025-8714   HIGH      8.8    PostgreSQL    postgresql:13::postgresql-test           No                Yes      Aug 14, 2025
CVE-2025-12818  MEDIUM    5.9    PostgreSQL    postgresql15-docs                        No                Yes      Nov 13, 2025
CVE-2025-12817  LOW       3.1    PostgreSQL    postgresql:12::postgresql-private-devel  No                Yes      Nov 13, 2025
CVE-2025-8713   LOW       3.1    PostgreSQL    postgresql14-devel                       No                Yes      Aug 14, 2025
