Errata ALT-PU-2021-1291-1: Information
Fixes
Published: Feb. 11, 2021
BDU:2021-00810
Уязвимость системы управления базами данных PostgreSQL, связанная с ошибками механизмов безопасности, позволяющая нарушителю получить значения столбцов из сообщения об ошибке (без привилегии SELECT)
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Feb. 23, 2021
BDU:2021-01131
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Feb. 23, 2021
Modified: June 9, 2021
Modified: June 9, 2021
CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 1, 2021
Modified: June 4, 2021
Modified: June 4, 2021
CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links: