exploitDog

CVE-2021-22030

Опубликовано: 19 нояб. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users

Ссылки

https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr
Patch
Third Party Advisory
https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:greenplum:greenplum:*:*:*:*:*:*:*:*

Версия до 5.28.14 (исключая)

cpe:2.3:a:greenplum:greenplum:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.17.0 (исключая)

EPSS

Процентиль: 69%

0.00589

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

CWE-532

EPSS

Процентиль: 69%

0.00589

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

CWE-532