CVE-2021-3393 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Information disclosure |
Description | A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to exploit are more rare. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1567 | postgresql | 13.1-3 | 13.2-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
20 Feb 2021 | ASA-202102-31 | AVG-1567 | postgresql | Medium | information disclosure |
References |
---|
https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ https://github.com/postgres/postgres/commit/8e56684d54d44ba4ed737d5847d31fba6fb13763 |