CVE-2018-1058

Published: 02/03/2018 Updated: 19/01/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Vulnerable Product

postgresql postgresql

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

redhat cloudforms 4.6

Vendor Advisories

Synopsis: Important: rh-postgresql96-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: CloudForms 466 security, bug fix and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for CloudForms Management Engine 59. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Uncontrolled search path element in pg_dump and other client applications. A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database (CVE-2018-1058) ...
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database ...
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected ...
For more information about PostgreSQL versioning, please visit the versioning page ...
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the p ...

GitHub Repositories

[Deprecated] Terraform module composition (feature) for Azure PostGreSQL Database

DEPRECATED - Azure Managed PostgreSQL Service. ⚠ This module is deprecated, please use db-postgresql-flexible module. This module creates an Azure PostgreSQL server with databases along with logging activated, firewall rules and virtual network rules. A user is created for each database created with this module. This module does not allow users to create new objects i

Terraform module for PostgreSQL configuration/tuning on an existing Database

PostgreSQL database configuration. Terraform module using PostgreSQL provider to help configuring an existing database. This module will be used combined with others PostgreSQL modules (like azure-db-postgresql-flexible or postgresql-users for example). This module revokes privileges on the default public PostgreSQL schema regarding the CVE-2018-1058 and creates a dedicated s

Web server setup cheat sheet

Creating the server and initial setup. OS: Ubuntu 2004. Uncomment the line force_color_prompt=yes in bashrc to enable colors for the prompt in the terminal. Add the following line to the end of bashrc so that in the greeting of the termi

Terraform module composition (feature) for Azure PostGreSQL Flexible Database

Azure Managed Database - PostgreSQL flexible. This module creates an Azure PostgreSQL Flexible server with databases along with logging activated, firewall rules. A user is created for each database created with this module. This module does not allow users to create new objects in the public schema regarding the CVE-2018-1058. Global versioning rule for Claranet Azure mod