CVE-2018-1115 — Incorrect Permission Assignment in Postgresql

CWE-732 — Incorrect Permission Assignment8 documents5 sources

Severity

9.1CRITICALNVD

EPSS

0.7%

top 28.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Opensuse Leap

Timeline

PublishedMay 10

Latest updateMay 13

Description

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDpostgresql/postgresql10.0 — 10.4+1

▶Alpinepostgresql/postgresql< 10.4-r0+10

▶NVDopensuse/leap15.1

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-54w7-jv4g-qhqg: postgresql before versions 10↗2022-05-13

▶

OSV

CVE-2018-1115: postgresql before versions 10↗2018-05-10

▶

📋Vendor Advisories

Red Hat

postgresql: Too-permissive access control list on function pg_logfile_rotate()↗2018-05-10

▶

💬Community

Bugzilla

CVE-2018-1115 postgresql: Too-permissive access control list on function pg_logfile_rotate() [fedora-all]↗2018-05-10

▶

Bugzilla

CVE-2018-1115 mingw-postgresql: postgresql: Too-permissive access control list on function pg_logfile_rotate() [fedora-all]↗2018-05-10

▶

Bugzilla

CVE-2018-1115 mingw-postgresql: postgresql: Too-permissive access control list on function pg_logfile_rotate() [epel-7]↗2018-05-10

▶

Bugzilla

CVE-2018-1115 postgresql: Too-permissive access control list on function pg_logfile_rotate()↗2018-04-30

▶