Lucene search

[email protected]CVE-2018-10925

HistoryAug 09, 2018 - 9:29 p.m.

CVE-2018-10925

2018-08-0921:29:00

CWE-863

[email protected]

web.nvd.nist.gov

284

postgresql

authorization

security

vulnerability

nvd

insert on conflict

create table

update privileges

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with “INSERT … ON CONFLICT DO UPDATE”. An attacker with “CREATE TABLE” privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain “INSERT” and limited “UPDATE” privileges to a particular table, they could exploit this to update other columns in the same table.

Affected configurations

Vulners

NVD

Node

postgresql_global_development_grouppostgresqlRange≤10.5

postgresql_global_development_grouppostgresqlRange≤9.6.10

postgresql_global_development_grouppostgresqlRange≤9.5.14

postgresql_global_development_grouppostgresqlRange≤9.4.19

postgresql_global_development_grouppostgresqlRange≤9.3.24

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04

CNA Affected

[
  {
    "product": "postgresql",
    "vendor": "PostgreSQL Global Development Group",
    "versions": [
      {
        "status": "affected",
        "version": "10.5"
      },
      {
        "status": "affected",
        "version": "9.6.10"
      },
      {
        "status": "affected",
        "version": "9.5.14"
      },
      {
        "status": "affected",
        "version": "9.4.19"
      },
      {
        "status": "affected",
        "version": "9.3.24"
      }
    ]
  }
]