CVE-2021-3393

medium

Description

An information leak was discovered in PostgreSQL in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission on a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924005

https://security.netapp.com/advisory/ntap-20210507-0006/

https://security.gentoo.org/glsa/202105-32

Details

Source: MITRE

Published: 2021-04-01

Updated: 2021-06-04

Type: CWE-209

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150837 | CentOS 8 : postgresql:12 (CESA-2021:2372) | Nessus | CentOS Local Security Checks | high |
| 150815 | RHEL 8 : postgresql:12 (RHSA-2021:2372) | Nessus | Red Hat Local Security Checks | high |
| 150790 | RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:2394) | Nessus | Red Hat Local Security Checks | high |
| 150759 | RHEL 8 : postgresql:12 (RHSA-2021:2389) | Nessus | Red Hat Local Security Checks | high |
| 150723 | Oracle Linux 8 : postgresql:12 (ELSA-2021-2372) | Nessus | Oracle Linux Local Security Checks | high |
| 150100 | SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2021:1783-1) | Nessus | SuSE Local Security Checks | medium |
| 148419 | PostgreSQL 11.x < 11.11 / 12.x < 12.6 / 13.x < 13.2 Multiple Vulnerabilities | Nessus | Databases | medium |
| 147850 | openSUSE Security Update : postgresql12 (openSUSE-2021-423) | Nessus | SuSE Local Security Checks | medium |
| 147050 | SUSE SLES15 Security Update : postgresql12 (SUSE-SU-2021:0695-1) | Nessus | SuSE Local Security Checks | medium |
| 146789 | SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:0544-1) | Nessus | SuSE Local Security Checks | medium |
| 146788 | SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:0543-1) | Nessus | SuSE Local Security Checks | medium |
| 146785 | SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:0545-1) | Nessus | SuSE Local Security Checks | medium |
| 146494 | Ubuntu 20.04 LTS / 20.10 : PostgreSQL vulnerability (USN-4735-1) | Nessus | Ubuntu Local Security Checks | medium |