CVE-2018-1115

Published: 10/05/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

PostgreSQL prior to 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Vulnerable Product

postgresql postgresql

opensuse leap 15.1

Vendor Advisories

Synopsis: Important: rh-postgresql10-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis: Important: rh-postgresql96-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to highe ...
It was found that pg_catalog.pg_logfile_rotate(), from the adminpack extension, did not follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could use this flaw to force log rotation ...
For more information about PostgreSQL versioning, please visit the versioning page ...