CVE-2018-1115 : postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension,

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Published 2018-05-10 19:29:00

Updated 2022-11-30 21:22:53

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-1115

Postgresql » Postgresql
Versions from including (>=) 10.0 and before (<) 10.4
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Postgresql » Postgresql
Versions before (<) 9.6.9
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-1115

Top countries where our scanners detected CVE-2018-1115

Top open port discovered on systems with this issue 5432

IPs affected by CVE-2018-1115 251,878

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-1115!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-1115

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1115

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
4.2	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L	1.6	2.5	Red Hat, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2018-1115

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2018-1115

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

[security-announce] openSUSE-SU-2020:1227-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115

1573276 – (CVE-2018-1115) CVE-2018-1115 postgresql: Too-permissive access control list on function pg_logfile_rotate()
Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2565

RHSA-2018:2565 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740

git.postgresql.org Git - postgresql.git/commitdiff
Patch;Vendor Advisory
https://security.gentoo.org/glsa/201810-08

PostgreSQL: Multiple vulnerabilities (GLSA 201810-08) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:2566

RHSA-2018:2566 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/104285

PostgreSQL CVE-2018-1115 Security Bypass Vulnerability
Third Party Advisory;VDB Entry