CVE-2021-20229
First published: Thu Feb 04 2021(Updated: )
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <13.2 | 13.2 |
| PostgreSQL PostgreSQL | >=13.0<13.2 | |
| Redhat Software Collections | ||
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927862
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927861
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927860
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927864
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927863
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1927859
- https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=c028faf2a
- https://www.postgresql.org/support/security/CVE-2021-20229/
- https://bugzilla.redhat.com/show_bug.cgi?id=1925296
- https://security.gentoo.org/glsa/202105-32
- https://security.netapp.com/advisory/ntap-20210326-0005/
Frequently Asked Questions
What is CVE-2021-20229?
CVE-2021-20229 is a vulnerability found in PostgreSQL versions before 13.2 that allows a user with SELECT privilege on one column to craft a special query to retrieve all columns of the table, posing a confidentiality risk.
What is the severity of CVE-2021-20229?
The severity of CVE-2021-20229 is medium, with a severity score of 4.3.
How does CVE-2021-20229 affect PostgreSQL?
CVE-2021-20229 affects PostgreSQL versions before 13.2, allowing a user with SELECT privilege on one column to retrieve all columns of the table, compromising confidentiality.
What software versions are affected by CVE-2021-20229?
PostgreSQL versions before 13.2 are affected by CVE-2021-20229.
How can I mitigate the risk of CVE-2021-20229?
To mitigate the risk of CVE-2021-20229, update PostgreSQL to version 13.2 or apply the necessary patches provided by the vendor.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20229
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/13.0
- vendor/redhat
- canonical/redhat software collections
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33