{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "PostgreSQL Global Development Group", "versions": [{"status": "affected", "version": "10.5"}, {"status": "affected", "version": "9.6.10"}, {"status": "affected", "version": "9.5.14"}, {"status": "affected", "version": "9.4.19"}, {"status": "affected", "version": "9.3.24"}]}], "datePublic": "2018-08-09T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-17T17:06:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201810-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201810-08"}, {"name": "DSA-4269", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4269"}, {"name": "105052", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105052"}, {"name": "RHSA-2018:2511", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2511"}, {"name": "USN-3744-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3744-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"}, {"name": "RHSA-2018:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2566"}, {"name": "RHSA-2018:2565", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2565"}, {"name": "RHSA-2018:3816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3816"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.postgresql.org/about/news/1878/"}, {"name": "1041446", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041446"}, {"name": "openSUSE-SU-2020:1227", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10925", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "10.5"}, {"version_value": "9.6.10"}, {"version_value": "9.5.14"}, {"version_value": "9.4.19"}, {"version_value": "9.3.24"}]}}]}, "vendor_name": "PostgreSQL Global Development Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."}]}, "impact": {"cvss": [[{"vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863"}]}]}, "references": {"reference_data": [{"name": "GLSA-201810-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-08"}, {"name": "DSA-4269", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4269"}, {"name": "105052", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105052"}, {"name": "RHSA-2018:2511", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2511"}, {"name": "USN-3744-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3744-1/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"}, {"name": "RHSA-2018:2566", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2566"}, {"name": "RHSA-2018:2565", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2565"}, {"name": "RHSA-2018:3816", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3816"}, {"name": "https://www.postgresql.org/about/news/1878/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1878/"}, {"name": "1041446", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041446"}, {"name": "openSUSE-SU-2020:1227", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.061Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201810-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201810-08"}, {"name": "DSA-4269", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4269"}, {"name": "105052", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105052"}, {"name": "RHSA-2018:2511", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2511"}, {"name": "USN-3744-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3744-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"}, {"name": "RHSA-2018:2566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2566"}, {"name": "RHSA-2018:2565", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2565"}, {"name": "RHSA-2018:3816", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3816"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.postgresql.org/about/news/1878/"}, {"name": "1041446", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041446"}, {"name": "openSUSE-SU-2020:1227", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10925", "datePublished": "2018-08-09T21:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:54:36.061Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "03CA4B69-446D-4536-B568-2752B718F979", "versionEndExcluding": "9.5.14", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E91FFE36-2647-4506-B46C-F1BE82DBCA98", "versionEndExcluding": "9.6.10", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "889677DE-5E60-4102-9222-E5430B8AF67D", "versionEndExcluding": "10.5", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."}, {"lang": "es", "value": "Se ha descubierto que las versiones anteriores a la 10.5, 9.6.10, 9.5.14, 9.4.19 y 9.3.24 de PostgreSQL no comprobaron correctamente la autorizaci\u00f3n de ciertas instrucciones relacionadas con \"INSERT ... ON CONFLICT DO UPDATE\". Un atacante con privilegios \"CREATE TABLE\" podr\u00eda explotar esta vulnerabilidad para leer bytes arbitrarios de la memoria del servidor. Si el atacante tiene tambi\u00e9n determinados privilegios \"INSERT\" y privilegios limitados \"UPDATE\" en una tabla en concreto, podr\u00eda explotar esta vulnerabilidad para actualizar otras columnas en la misma tabla."}], "id": "CVE-2018-10925", "lastModified": "2023-02-24T18:38:30.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-09T21:29:00.227", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105052"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041446"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2511"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2565"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2566"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3816"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201810-08"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3744-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4269"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1878/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-0:5.9.6.5-3.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-amazon-smartstate-0:5.9.6.5-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-appliance-0:5.9.6.5-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-gemset-0:5.9.6.5-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dbus-api-service-0:1.0.1-3.1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "httpd-configmap-generator-0:0.2.2-1.2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:3816", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "postgresql96-0:9.6.10-1PGDG.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-12-13T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2565", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2565", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2565", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2511", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-08-20T00:00:00Z"}, {"advisory": "RHSA-2018:2565", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.5-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-08-27T00:00:00Z"}, {"advisory": "RHSA-2018:2566", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.10-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-08-27T00:00:00Z"}], "bugzilla": {"description": "postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements", "id": "1612619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612619"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table.", "It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."], "name": "CVE-2018-10925", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "postgresql94", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Affected", "package_name": "postgresql96", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "millicore", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "impact": "moderate", "package_name": "rhvm-appliance", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-08-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-10925\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10925\nhttps://www.postgresql.org/about/news/1878/"], "statement": "Red Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\nThis issue affects the versions of the postsgresql package as shipped with Red Hat Satellite 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5.8. A future update may address this issue.", "threat_severity": "Important", "upstream_fix": "postgresql 10.5, postgresql 9.6.10, postgresql 9.5.14"}