Vulnerabilities > CVE-2021-20229 - Incorrect Authorization vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2021-02-23

Updated: 2021-06-09

Summary

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 13.0 Postgresql Postgresql 13.1	2
Application	Redhat Redhat Software Collections -	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0	2
OS	Fedoraproject Fedoraproject Fedora 33	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://bugzilla.redhat.com/show_bug.cgi?id=1925296
https://security.netapp.com/advisory/ntap-20210326-0005/
https://security.gentoo.org/glsa/202105-32