CVE-2018-1053

In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask that was in effect when the user invoked pg_upgrade, and not under 0077, which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker from searching the current working directory or if the prevailing umask blocks the attacker from opening the file.
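The umask dependence and the two mitigating conditions described above, as an added shell illustration (not PostgreSQL or pg_upgrade code). The file names, the temporary directory and the `exposure` helper are constructed for the example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added illustration; paths and names are constructed, not pg_upgrade's own.

# Affected behaviour: the file is created under the caller's umask.
create_inherited() {   # $1 = path, $2 = umask in effect for the caller
    ( umask "$2" && : > "$1" )
}

# Fixed behaviour: the file is created under 0077.
create_restricted() {  # $1 = path
    ( umask 077 && : > "$1" )
}

# Report whether group/other could reach the file, using the two
# conditions from the description: the directory must be searchable
# (x for group/other) and the file mode must grant read or write.
# Simplification: only mode bits are checked, not ownership or ACLs.
exposure() {           # $1 = path
    dir_mode=$(stat -c '%a' "$(dirname "$1")")
    file_mode=$(stat -c '%a' "$1")
    if [ $(( 0$dir_mode & 011 )) -ne 0 ] && [ $(( 0$file_mode & 066 )) -ne 0 ]; then
        echo "exposed dir=$dir_mode file=$file_mode"
    else
        echo "protected dir=$dir_mode file=$file_mode"
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    chmod 755 "$work"                      # world-searchable working directory
    create_inherited "$work/globals_inherited.sql" 022
    create_restricted "$work/globals_restricted.sql"
    exposure "$work/globals_inherited.sql"
    exposure "$work/globals_restricted.sql"
    chmod 700 "$work"                      # directory mode now blocks searching
    exposure "$work/globals_inherited.sql"
    rm -rf "$work"
}

demo
```

On an unpatched host, the same mode-bit check can be applied to the directory from which pg_upgrade was run.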

Published: 2018-02-09. Last update: 2024-11-21.

Conclusion & alert: CVE-2018-1053 is rated Moderate Risk (42.1/100): CVSS High severity, with low exploitation likelihood (EPSS 0.51%). Mandatory action: Review affected assets and schedule remediation.

Exploit prediction scoring system (EPSS) score for CVE-2018-1053

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

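| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|------|----------------|----------------|-------------------|
| 1 | 2026-06-15 | 0.10% | 0.51% | +0.41% |
| 2 | 2025-03-30 | 0.17% | 0.10% | -0.07% |
| 3 | 2025-03-29 | | 0.17% | |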

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2018-1053

| Base score | Version | Severity | Vector | Exploitability | Impact |
|------------|---------|----------|--------|----------------|--------|
| 7.0 | 3.0 | HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| 3.3 | 2.0 | LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N | 3.4 | 4.9 |

CVSS 3.0 vector breakdown:

- Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
- Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
- Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
- User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
- Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
- Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
- Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
- Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

CVSS 2.0 vector breakdown:

- Access vector (AV:L): Requires local access to the target system.
- Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
- Authentication (Au:N): No authentication is required.
- Confidentiality impact (C:P): Partial confidentiality impact.
- Integrity impact (I:P): Partial integrity impact.
- Availability impact (A:N): No availability impact.

OS Trackers for CVE-2018-1053

| Vendor | Priority | Summary | Link |
|--------|----------|---------|------|
| alpine | high | CVE-2018-1053: 3 source package rows (postgresql, postgresql14, postgresql15); 19 state rows across 11 repos (3.10-main, 3.11-main, 3.12-main, 3.17-main, 3.18-main, 3.19-community, 3.19-main, 3.20-community, 3.20-main, edge-community, edge-main); fixed 16, open 3. | https://security.alpinelinux.org/vuln/CVE-2018-1053 |
| redhat | medium | | https://access.redhat.com/security/cve/CVE-2018-1053 |
| suse | low | CVE-2018-1053 severity low: SUSE including 103 source package names (libecpg6, libecpg6-10.10-1.15.1, …), 216 product×package rows across 36 product lines (SUSE Linux Enterprise Desktop 12 SP2, SUSE Linux Enterprise Desktop 12 SP3, … (36 product lines)): Fixed 181, Known Not Affected 35. | https://www.suse.com/security/cve/CVE-2018-1053/ |
| ubuntu | low | CVE-2018-1053 low priority: Ubuntu including 6 source packages (postgresql-10, postgresql-9.1, postgresql-9.3, postgresql-9.4, postgresql-9.5, postgresql-9.6), 42 status rows across 7 suites (artful, bionic, cosmic, disco, trusty, upstream, xenial): DNE 31, needs-triage 5, released 4, not-affected 2. | https://ubuntu.com/security/CVE-2018-1053 |

Affected software / configurations for CVE-2018-1053

| Vendor | Product | Version | Raw CPE |
|--------|---------|---------|---------|
| postgresql | postgresql | >= 9.3.0, < 9.3.21 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 9.4.0, < 9.4.16 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 9.5.0, < 9.5.11 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | >= 9.6.0, < 9.6.7 | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
| postgresql | postgresql | 10.0 | cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:* |
| postgresql | postgresql | 10.1 | cpe:2.3:a:postgresql:postgresql:10.1:*:*:*:*:*:*:* |
| debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 17.10 | cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* |
| redhat | cloudforms | 4.6 | cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:* |
