CVE-2021-20229

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 13.2 PostgreSQL versions prior to 12.6 PostgreSQL versions prior to 11.11 PostgreSQL versions prior to 10.16 PostgreSQL versions prior to 9.6.21 PostgreSQL versions prior to 9.5.25

Description A flaw was found in PostgreSQL that allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. This issue is related to shortcomings in the authorization mechanism, which can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 13.2, update to version 13.2 or later. For versions prior to 12.6, update to version 12.6 or later. For versions prior to 11.11, update to version 11.11 or later. For versions prior to 10.16, update to version 10.16 or later. For versions prior to 9.6.21, update to version 9.6.21 or later. For versions prior to 9.5.25, update to version 9.5.25 or later.