CVE-2021-20229

Published: 23 February 2021

A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package Release Status
postgresql-13
Launchpad, Ubuntu, Debian
Upstream
Released (13.2-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (13.2-1)
Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist