CVE-2021-22030

2021-11-1916:04:46

CWE-532

vmware

www.cve.org

greenplum

database

sensitive information

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users

CNA Affected

[
  {
    "product": "GPDB (Greenplum database)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "gpfdist (Greenplum) versions 6.x  prior to 6.17.0 and 5.28.x prior to 5.28.14"
      }
    ]
  }
]

References

github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr