CVE-2021-20229

CVE-2021-20229

Name

CVE-2021-20229

Description

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1925296
Third Party Advisory	https://security.netapp.com/advisory/ntap-20210326-0005/
Third Party Advisory	https://security.gentoo.org/glsa/202105-32

Type

URI

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1925296

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210326-0005/

Third Party Advisory

https://security.gentoo.org/glsa/202105-32

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.5.0	< 9.5.25
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.6.0	< 9.6.21
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 10.0	< 10.16
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 11.0	< 11.11
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 12.0	< 12.6
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 13.0	< 13.2

CPE URI

Source package

Min version

Max version