PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID16433
PG Version9.5.0
Opened2020-05-13 10:06:51+00
Reported bylokesh goyal

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      16433
Logged by:          lokesh goyal
Email address:      (redacted)
PostgreSQL version: 9.5.0
Operating system:   website

Information disclosure is a critical bug because it contains the information
related to user name, mail_id , password or etc. And i got a log file which
contain the administrator mail_id, username or password and also it contain
a database details so it must be secure. Because it is very useful for
attacker to takeover any other users database without authentication. 
Hope you check this log file.

Vulnerable link: This is the vulnerable link which disclose install.log file
which contain administrator details.


2020-05-13 10:06:51+00PG Bug reporting formBUG #16433: Information disclosure via log file
2020-05-13 10:45:58+00Magnus HaganderRe: BUG #16433: Information disclosure via log file