postgres: Single-column SELECT privilege enables reading all columns (CVE-2021-20229)ID: oval:org.secpod.oval:def:1801861 | Date: (C)2021-03-15 (M)2022-02-01 |
Class: PATCH | Family: unix |
A security issue was found in PostgreSQL 13 before version 13.2. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed.
Platform: |
Alpine Linux 3.13 |