vulnerability
Amazon Linux AMI: CVE-2018-1115: Security patch for postgresql96 (ALAS-2018-1119)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:N/I:P/A:P) | May 10, 2018 | Dec 7, 2018 | Oct 14, 2022 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published
May 10, 2018
Added
Dec 7, 2018
Modified
Oct 14, 2022
Description
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
Solution
amazon-linux-upgrade-postgresql96
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.