{"uuid": "743407cf-c89d-43c4-a458-ccfe0f9ce6c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-1058", "type": "published-proof-of-concept", "source": "https://t.me/itsecalert/100", "content": "\u26a0\ufe0f PostgreSQL - escalation of privileges\nAffected versions: PostgreSQL < 9.3.22, PostgreSQL < 9.4.17, PostgreSQL < 9.5.12, PostgreSQL < 9.6.8, PostgreSQL < 10.3\n\nThe problem described in CVE-2018-1058 centers around the default \"public\" schema and how PostgreSQL uses the search_path setting. The attacker could insert a trojan-horse function that, when executed by a superuser, grants escalated privileges.\n\nBased on your setup, your installation is probably affected, but it may not be in imminent danger.\n\nThere are patches for several distributions available. Today openSUSE got an update. \n\nFurther information, samples and more: https://yt.gl/gqh7l\n(severity: \ud83d\udd39medium) \n\n#alert #vulnerability #severityhigh #PostgreSQL #CVE-2018-1058\nFeel free to discuss this in @itsectalk and let your local PostgreSQL admin know! \u2709\ufe0f\ud83d\udce2", "creation_timestamp": "2018-03-22T23:36:09.000000Z"}