PostgreSQL Vulnerability Allows Unauthorized File Access
CVE-2018-1053
7 HIGH
Key Information:
- Vendor: PostgreSQL
- CVE Published: 9 February 2018
What is CVE-2018-1053?
In PostgreSQL versions prior to 9.3.21, 9.4.16, 9.5.11, 9.6.7, and 10.2, the pg_upgrade utility writes its output files into the current working directory without restricting their permissions, so the files end up with whatever mode the directory and the umask in effect at the time allow. If those permissions are too permissive, authenticated users can read sensitive data from the files, including database passwords. The exposure therefore depends on the directory and umask configuration under which pg_upgrade is run, which underlines the importance of secure file-handling practices.
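As an added illustration (not PostgreSQL's own code and not part of this advisory), the following Python models the mechanism: a file created with the routine 0666 request takes whatever mode the caller's umask leaves, a file created with an explicit 0600 does not, and a small audit flags files in a working directory that group or others can read. The `pg_upgrade` name prefix used by the audit and the dump contents are assumptions.

```python
import os
import shutil
import stat
import tempfile

# Constructed model, not PostgreSQL code: a naive writer inherits the caller's
# umask, a hardened writer requests 0600 itself, and an audit lists leftovers.

def write_under_umask(path, data, umask):
    """Create path with the usual 0666 request and return the mode the given
    umask leaves behind (the situation CVE-2018-1053 describes)."""
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o666)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)

def write_owner_only(path, data):
    """Hardened variant: ask for 0600 explicitly, so no umask can widen it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)

def find_exposed_files(directory, prefix="pg_upgrade"):
    """Names under directory starting with prefix (an assumed naming pattern)
    that are readable by group or others."""
    exposed = []
    for name in sorted(os.listdir(directory)):
        if not name.startswith(prefix):
            continue
        mode = stat.S_IMODE(os.stat(os.path.join(directory, name)).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            exposed.append(name)
    return exposed

def demo():
    """Write a loose and a hardened copy of a constructed globals dump in a
    temporary directory; return both modes and what the audit flags."""
    d = tempfile.mkdtemp()
    try:
        dump = b"ALTER ROLE app PASSWORD 'constructed-secret';\n"  # stand-in
        loose = write_under_umask(os.path.join(d, "pg_upgrade_dump_globals.sql"), dump, 0o022)
        tight = write_owner_only(os.path.join(d, "pg_upgrade_dump_globals.0600.sql"), dump)
        return {"loose": loose, "tight": tight, "exposed": find_exposed_files(d)}
    finally:
        shutil.rmtree(d)
```

Running `demo()` on a POSIX system shows the umask-dependent file at 0644 and the explicit one at 0600, with only the former flagged by the audit.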
Affected Version(s)
- postgresql 9.3.x before 9.3.21
- postgresql 9.4.x before 9.4.16
- postgresql 9.5.x before 9.5.11