{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "The PostgreSQL Project", "versions": [{"status": "affected", "version": "11.1"}, {"status": "affected", "version": "10.6"}]}], "datePublic": "2018-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-12-03T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3818-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3818-1/"}, {"name": "RHSA-2018:3757", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3757"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.postgresql.org/about/news/1905/"}, {"name": "1042144", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1042144"}, {"name": "GLSA-201811-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201811-24"}, {"name": "105923", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105923"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "11.1"}, {"version_value": "10.6"}]}}]}, "vendor_name": "The PostgreSQL Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges."}]}, "impact": {"cvss": [[{"vectorString": "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89"}]}]}, "references": {"reference_data": [{"name": "USN-3818-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3818-1/"}, {"name": "RHSA-2018:3757", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3757"}, {"name": "https://www.postgresql.org/about/news/1905/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1905/"}, {"name": "1042144", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042144"}, {"name": "GLSA-201811-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-24"}, {"name": "105923", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105923"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:32:54.106Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3818-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3818-1/"}, {"name": "RHSA-2018:3757", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3757"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.postgresql.org/about/news/1905/"}, {"name": "1042144", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1042144"}, {"name": "GLSA-201811-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201811-24"}, {"name": "105923", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105923"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16850", "datePublished": "2018-11-13T15:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC4B952B-FE12-4D55-A4E3-0D719C99DFE9", "versionEndExcluding": "10.6", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42E301A-B6BC-41E5-92D6-1CF9A3D2BB4F", "versionEndExcluding": "11.1", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges."}, {"lang": "es", "value": "postgresql en versiones anteriores a la 11.1 y 10.6 es vulnerable a una inyecci\u00f3n SQL en pg_upgrade y pg_dump mediante CREATE TRIGGER ... REFERENCING. Mediante una definici\u00f3n de detonador manipulado para tal prop\u00f3sito, un atacante puede provocar que la ejecuci\u00f3n con privilegios de superusuario de instrucciones SQL."}], "id": "CVE-2018-16850", "lastModified": "2023-01-19T20:11:14.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-13T15:29:00.233", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105923"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1042144"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3757"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201811-24"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3818-1/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1905/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3757", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-12-03T00:00:00Z"}, {"advisory": "RHSA-2018:3757", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-12-03T00:00:00Z"}, {"advisory": "RHSA-2018:3757", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2018-12-03T00:00:00Z"}, {"advisory": "RHSA-2018:3757", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.6-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2018-12-03T00:00:00Z"}], "bugzilla": {"description": "postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING", "id": "1645937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645937"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.", "A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to create a malicious trigger that, when dumped and restored, would result in additional SQL statements being executed."], "name": "CVE-2018-16850", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "postgresql96", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "postgresql96-libs", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-postgresql96-postgresql", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-11-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16850\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16850\nhttps://www.postgresql.org/about/news/1905/"], "statement": "This issue did not affect the versions of postgresql as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for triggers with `referecing` syntax, which was included in a later version of the program. \nIt also doesn't affect the versions of postgresql shipped with CloudForms 4.2, 4.5 and 4.6, and Satellite 5, for the same reason as above.\nThis issue did not affect the versions of postgresql shipped within Tower, as there is no code path for Tower users to call the CREATE statement.", "threat_severity": "Important", "upstream_fix": "postgresql 11.1, postgresql 10.6"}