Postgres Pro
Downloads
Home   >   mailing lists

Re: BUG #16433: Information disclosure via log file - Mailing list pgsql-bugs

From Magnus Hagander
Subject Re: BUG #16433: Information disclosure via log file
Date
Msg-id CABUevEwNNqnOJ=d_oagx54nJP7MMx4Tu+Dyc6Hg9St8To-MaBg@mail.gmail.com
Whole thread Raw
In response to BUG #16433: Information disclosure via log file  (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs
Tree view


On Wed, May 13, 2020 at 12:41 PM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      16433
Logged by:          lokesh goyal
Email address:      lovely.goyal1998@gmail.com
PostgreSQL version: 9.5.0
Operating system:   website
Description:       

Information disclosure is a critical bug because it contains the information
related to user name, mail_id , password or etc. And i got a log file which
contain the administrator mail_id, username or password and also it contain
a database details so it must be secure. Because it is very useful for
attacker to takeover any other users database without authentication.
Hope you check this log file.


Vulnerable link: This is the vulnerable link which disclose install.log file
which contain administrator details.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=2ahUKEwiz9bOPyrDpAhWMfn0KHQiECysQFjADegQIAxAB&url=https%3A%2F%2Fgroups.google.com%2Fgroup%2Fdataverse-community%2Fattach%2F5cbd71aaad706%2Finstall.log%3Fpart%3D0.2&usg=AOvVaw2zmOeHsbl07Gsvt2TXqDai


This log file is not from PostgreSQL. It appears to be from a product called "dataverse", so you probably want to contact those people instead.

--

pgsql-bugs by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: BUG #16432: ECCN code for PGAdmin 3 and 4
Next
From: PG Bug reporting form
Date:
Subject: BUG #16434: some data lost