CVE-2023-22847

Name of the Vulnerable Software and Affected Versions pg ivm versions prior to 1.5.1

Description An information disclosure issue exists where an Incrementally Maintainable Materialized View (IMMV) created by pg ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. This allows information in tables protected by Row-Level Security to be retrieved by a user who is not authorized to access it.

Recommendations For pg ivm versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to IMMV views until the update is applied.