CVE-2018-1115 — CRITICAL (9.1)

Q: How severe is CVE-2018-1115?

CVE-2018-1115 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-1115?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Opensuse Leap.

Vulnerability Description

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	< 9.6.9
Opensuse	Leap	15.1

Related Weaknesses (CWE)

CWE-732

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/104285Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2565Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2566Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115Issue TrackingPatchThird Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=7b34740
https://security.gentoo.org/glsa/201810-08Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/104285Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2565Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2566Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115Issue TrackingPatchThird Party Advisory
https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=7b34740
https://security.gentoo.org/glsa/201810-08Third Party Advisory

FAQ

What is CVE-2018-1115?

CVE-2018-1115 is a vulnerability with a CVSS score of 9.1 (CRITICAL). postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is ad...

How severe is CVE-2018-1115?

CVE-2018-1115 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1115?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Opensuse Leap.