30th September 2021: PostgreSQL 14 Released!

CVE-2018-1053

pg_upgrade creates file of sensitive metadata under prevailing umask

Version Information

Affected Version Fixed In Fix Published
10 10.2 2018-02-08
9.6 9.6.7 2018-02-08
9.5 9.5.11 2018-02-08
9.4 9.4.16 2018-02-08
9.3 9.3.21 2018-02-08

For more information about PostgreSQL versioning, please visit the versioning page.

CVSS 3.0

Overall Score 6.7
Component client
Vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Reporting Security Vulnerabilities

If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.

For reporting non-security bugs, please see the Report a Bug page.