Описание
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 12.6-0ubuntu0.20.04.1 |
| focal | released | 12.6-0ubuntu0.20.04.1 |
| groovy | released | 12.6-0ubuntu0.20.10.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 12.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 13.2-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 13.2-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | code not present |
| focal | DNE | |
| groovy | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
3.5 Low
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
An information leak was discovered in postgresql in versions before 13 ...
3.5 Low
CVSS2
4.3 Medium
CVSS3