{"id":"CVE-2018-1115","details":"postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.","modified":"2026-03-15T22:18:37.453055Z","published":"2018-05-10T19:29:00.210Z","related":["MGASA-2018-0446","SUSE-SU-2018:1695-1","SUSE-SU-2018:2564-1","openSUSE-SU-2020:1227-1","openSUSE-SU-2024:11184-1"],"references":[{"type":"WEB","url":"https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=7b34740"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201810-08"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104285"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2565"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2566"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9.6.9"}]},{"events":[{"introduced":"10.0"},{"fixed":"10.4"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1115.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}