Unrated severityNVD Advisory· Published Apr 1, 2021· Updated Aug 3, 2024
CVE-2021-3393
CVE-2021-3393
Description
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Affected products
31- postgresql/postgresqldescription
- osv-coords30 versionspkg:bitnami/postgresqlpkg:rpm/almalinux/postgres-decoderbufspkg:rpm/opensuse/postgresql11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql12&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/postgresql12&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql13&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql15&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql17&distro=openSUSE%20Tumbleweedpkg:rpm/suse/postgresql12&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/postgresql12&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/postgresql12&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/postgresql12&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 11.11.0+ 29 more
- (no CPE)range: < 11.11.0
- (no CPE)range: < 0.10.0-2.module_el8.6.0+2760+1746ec94
- (no CPE)range: < 11.13-1.3
- (no CPE)range: < 12.6-lp152.3.16.1
- (no CPE)range: < 12.8-1.3
- (no CPE)range: < 13.4-1.3
- (no CPE)range: < 14.5-2.1
- (no CPE)range: < 15.4-2.1
- (no CPE)range: < 16.4-1.1
- (no CPE)range: < 17.6-2.1
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-8.16.1
- (no CPE)range: < 12.6-8.16.1
- (no CPE)range: < 12.7-3.15.3
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.7-3.15.3
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.7-3.15.3
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 12.6-3.21.4
- (no CPE)range: < 13.2-5.6.1
- (no CPE)range: < 13.2-5.6.1
- (no CPE)range: < 13.2-5.6.1
- (no CPE)range: < 13.2-3.6.1
- (no CPE)range: < 13.2-3.6.1
- (no CPE)range: < 13.2-3.6.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- security.gentoo.org/glsa/202105-32mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210507-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.