CVE-2021-28938

Name of the Vulnerable Software and Affected Versions: Siren Federate versions 6.8.14-10.3.9 and earlier Siren Federate versions 6.9.x through 7.6.x before 7.6.2-20.2 Siren Federate versions 7.7.x through 7.9.x before 7.9.3-21.6 Siren Federate versions 7.10.x before 7.10.2-22.2 Siren Federate versions 7.11.x before 7.11.2-23.0

Description: The issue allows user information to leak across thread contexts in opportunistic circumstances. This happens when a low-privilege user and a high-privilege user execute queries concurrently. The low-privilege user's query might run with the high-privilege user's privileges.

Recommendations: For versions 6.8.14-10.3.9 and earlier, update to version 6.8.14-10.3.9 or later. For versions 6.9.x through 7.6.x before 7.6.2-20.2, update to version 7.6.2-20.2 or later. For versions 7.7.x through 7.9.x before 7.9.3-21.6, update to version 7.9.3-21.6 or later. For versions 7.10.x before 7.10.2-22.2, update to version 7.10.2-22.2 or later. For versions 7.11.x before 7.11.2-23.0, update to version 7.11.2-23.0 or later.