CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
PostgreSQL is vulnerable to authorization bypass. An attacker can bypass client-side connection security features to escalate privileges and execute arbitrary SQL statements. This is because the client library fails to properly reset its internal state between connections, which causes the PQescape() function to malfunction.
lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
www.securityfocus.com/bid/105054
www.securitytracker.com/id/1041446
access.redhat.com/errata/RHSA-2018:2511
access.redhat.com/errata/RHSA-2018:2557
access.redhat.com/errata/RHSA-2018:2565
access.redhat.com/errata/RHSA-2018:2566
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:2721
access.redhat.com/errata/RHSA-2018:2729
access.redhat.com/errata/RHSA-2018:3816
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
lists.debian.org/debian-lts-announce/2018/08/msg00012.html
security.gentoo.org/glsa/201810-08
usn.ubuntu.com/3744-1/
www.debian.org/security/2018/dsa-4269
www.postgresql.org/about/news/1878/