CVE-2018-1058

State: PUBLISHED · Published: 2018-03-02 · Updated: 2024-09-17 · Assigner: redhat

Description

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

CWE

CWE-20 — CWE-20

Affected

The PostgreSQL Global Development Group / postgresql — v=9.3 - 10 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1547044 x_refsource_CONFIRM
https://usn.ubuntu.com/3589-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/103221 vdb-entry, x_refsource_BID
https://www.postgresql.org/about/news/1834/ x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2511 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2566 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3816 vendor-advisory, x_refsource_REDHAT

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1058.json