CVE-2021-20229 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Information disclosure |
| Description | A security issue was found in PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1567 | postgresql | 13.1-3 | 13.2-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 20 Feb 2021 | ASA-202102-31 | AVG-1567 | postgresql | Medium | information disclosure |
| References |
|---|
https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ https://github.com/postgres/postgres/commit/d525fbcfd167b28818301d0a2d3548ae6a744588 |