8.1

CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
DebianDebian Linux Version9.0
PostgresqlPostgresql Version >= 9.5.0 < 9.5.14
PostgresqlPostgresql Version >= 9.6.0 < 9.6.10
PostgresqlPostgresql Version >= 10.0 < 10.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
secalert@redhat.com 7.1 2.8 4.2
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/errata/RHSA-2018:2511
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3816
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2018:2565
Third Party Advisory
https://security.gentoo.org/glsa/201810-08
Third Party Advisory
http://www.securitytracker.com/id/1041446
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3744-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4269
Third Party Advisory
https://www.postgresql.org/about/news/1878/
Vendor Advisory
http://www.securityfocus.com/bid/105052
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925
Patch
Third Party Advisory
Issue Tracking