How severe is CVE-2018-1053?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-1053?

This is classified as CWE-377, which is a common weakness in software security.

CVE-2018-1053

HIGH Year: 2018

CVSS v3 Score

7.0

High

CVSS v2 Score

3.3

Low

Weakness Type

CWE-377

View all →

Vulnerability Description

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

CVE-2020-2016

HIGH

CVSS:7.0(High)

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who...

CWE-3772020

CVE-2020-8032

HIGH

CVSS:7.0(High)

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4....

CWE-3772020

CVE-2020-1991

HIGH

CVSS:7.1(High)

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks T...

CWE-3772020

CVE-2020-25636

HIGH

CVSS:7.1(High)

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have...

CWE-3772020

CVE-2022-3952

HIGH

CVSS:7.1(High)

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipula...

CWE-3772022

CVE-2021-20202

HIGH

CVSS:7.3(High)

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to th...

CWE-3772021

CVE-2018-1053

Vulnerability Description

Related Vulnerabilities

CVE-2020-2016

CVE-2020-8032

CVE-2020-1991

CVE-2020-25636

CVE-2022-3952

CVE-2021-20202