The installer writes a password to a temporary file in its installation
directory, creates initial databases, and deletes the file. During those
seconds while the file exists, a local attacker can read the superuser
password from the file.
Name: the PostgreSQL project
Upstream: Noah Misch
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):