Article ID: 132380, created on Mar 14, 2018, last review on Mar 14, 2018

Applies to:
  • Operations Automation
  • Business Automation


On March 1, 2018, the PostgreSQL Global Development Group released an update to address CVE-2018-1058, which describes how a user can create like-named objects in different schemas that change the behavior of other users' queries and cause unexpected or malicious behavior, also known as a "trojan-horse" attack.

Is it required to take any actions to mitigate CVE-2018-1058 on existing OA installations?


CVE-2018-1058 is relevant only for shared database hosting scenarios where PostgreSQL is used. To address this vulnerability, it is possible to prohibit creation of objects in the PUBLIC schema.

The other scenarios (OA management node, billing databases, etc.) do not require any special actions to mitigate CVE-2018-1058, as a potential attacker would need direct access to the database, and there would have to be users in the database to attack.
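
The following is an added example, not part of the original article or of OA itself, showing one way to audit and apply the restriction on object creation in the public schema for a shared-hosting PostgreSQL database. It assumes a superuser psql session connected to the database being hardened.

```sql
-- Added example (assumption: run as a superuser in each shared-hosting database).

-- 1. Check whether the PUBLIC pseudo-role can still create objects in schema "public".
--    Passing 'public' as the role name tests the PUBLIC pseudo-role.
SELECT current_database()                                AS database,
       has_schema_privilege('public', 'public', 'CREATE') AS public_can_create;

-- 2. Review functions that already exist in schema "public" and are owned by
--    non-superuser roles. Like-named functions here are what CVE-2018-1058
--    describes, so anything unexpected deserves a closer look.
SELECT r.rolname            AS owner,
       p.oid::regprocedure  AS function_signature
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_roles     r ON r.oid = p.proowner
WHERE  n.nspname = 'public'
  AND  NOT r.rolsuper
ORDER  BY r.rolname, p.proname;

-- 3. Same review for tables, views and sequences in schema "public".
SELECT r.rolname AS owner,
       c.relkind AS kind,      -- r = table, v = view, S = sequence, m = matview
       c.relname AS object_name
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
JOIN   pg_roles     r ON r.oid = c.relowner
WHERE  n.nspname = 'public'
  AND  c.relkind IN ('r', 'v', 'S', 'm')
  AND  NOT r.rolsuper
ORDER  BY r.rolname, c.relname;

-- 4. Prohibit creation of objects in the public schema for ordinary users.
--    Schema privileges are stored per database, so repeat this in every
--    shared-hosting database (and in template1 if newly created databases
--    should start with the same restriction).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Verify: public_can_create must now be false.
SELECT current_database()                                AS database,
       has_schema_privilege('public', 'public', 'CREATE') AS public_can_create;
```

Roles that were granted CREATE on the schema explicitly, and the schema owner, keep that privilege after step 4, so review them separately if they are customer-facing accounts.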
