Back to search
CVE-2018-16850
Published: Nov 13, 2018
Modified: Aug 5, 2024
PUBLISHED
CVSS v3.0
8.0
HIGH
Description
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
| Vendor | Product | Versions |
|---|---|---|
The PostgreSQL Project | postgresql | affected 11.1affected 10.6 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
References
USN-3818-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3757
vendor-advisory
x_refsource_REDHAT
https://www.postgresql.org/about/news/1905/
x_refsource_CONFIRM
1042144
vdb-entry
x_refsource_SECTRACK
GLSA-201811-24
vendor-advisory
x_refsource_GENTOO
105923
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now