Lucene search

VmwareCVELIST:CVE-2021-22028

HistoryNov 19, 2021 - 4:17 p.m.

CVE-2021-22028

2021-11-1916:17:47

CWE-22

vmware

www.cve.org

greenplum

database

vulnerability

information disclosure

file system

read/write

AI Score

8.9

Confidence

High

EPSS

0.003

Percentile

71.4%

JSON

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.

CNA Affected

[
  {
    "product": "gpfdist (Greenplum)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "gpfdist (Greenplum) versions 6.x.0  prior to 6.14.0 and 5.28.x prior to 5.28.6"
      }
    ]
  }
]

References

github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2