A security issue was found in PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed.
|20 Feb 2021||ASA-202102-31||AVG-1567||postgresql||Medium||information disclosure|