CVE-2018-1058

EPSS 81.98%
Published 02.03.2018 15:29:00
Last modified 21.11.2024 03:59:05
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version >= 9.3 < 9.3.22

Postgresql ≫ Postgresql Version >= 9.4 < 9.4.17

Postgresql ≫ Postgresql Version >= 9.5 < 9.5.12

Postgresql ≫ Postgresql Version >= 9.6 < 9.6.8

Postgresql ≫ Postgresql Version >= 10.0 < 10.3

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Redhat ≫ Cloudforms Version4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	81.98%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:2511

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Third Party Advisory

http://www.securityfocus.com/bid/103221

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1547044

Third Party Advisory

Issue Tracking