postgres: Partition constraint violation errors leak values of denied columns (CVE-2021-3393)
ID: oval:org.secpod.oval:def:1801863 | Date: (C)2021-03-15 (M)2022-11-30 |
Class: PATCH | Family: unix |
A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user who has the UPDATE privilege on a partitioned table but lacks the SELECT privilege on some column may be able to obtain values of the denied column from an error message. This is similar to CVE-2014-8161, but the conditions required to exploit it are rarer.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.13 |
Alpine Linux 3.9 |