CVE-2021-20229

Опубликовано: 11 фев. 2021

Источник: redhat

CVSS3: 3.1

EPSS Низкий

Описание

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

A flaw was found in PostgreSQL. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Quarkus	postgresql	Not affected
Red Hat Decision Manager 7	postgresql	Not affected
Red Hat Enterprise Linux 6	postgresql	Out of support scope
Red Hat Enterprise Linux 7	postgresql	Fix deferred
Red Hat Enterprise Linux 8	libpq	Not affected
Red Hat Enterprise Linux 8	postgresql:10/postgresql	Not affected
Red Hat Enterprise Linux 8	postgresql:12/postgresql	Not affected
Red Hat Enterprise Linux 8	postgresql:9.6/postgresql	Not affected
Red Hat Enterprise Linux 9	postgresql	Not affected
Red Hat Fuse 7	postgresql	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-863

https://bugzilla.redhat.com/show_bug.cgi?id=1925296postgresql: single-column SELECT privilege enables reading all columns

EPSS

Процентиль: 25%

0.00086

Низкий

3.1 Low

CVSS3

Связанные уязвимости

CVE-2021-20229

CVSS3: 4.3

ubuntu

почти 5 лет назад

CVE-2021-20229

CVSS3: 4.3

nvd

почти 5 лет назад

CVE-2021-20229

CVSS3: 4.3

msrc

почти 5 лет назад

CVE-2021-20229

CVSS3: 4.3

debian

почти 5 лет назад

A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...

GHSA-43rr-wcj9-h45w

CVSS3: 4.3

github

почти 4 года назад

Incorrect Authorization in PostgreSQL

EPSS

Процентиль: 25%

0.00086

Низкий

3.1 Low

CVSS3