postgresql: Partition constraint violation errors leak values of denied columns

An information leak was discovered in postgresql. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information...

postgresql: Partition constraint violation errors leak values of denied columns

An information leak was discovered in postgresql. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information...

MGASA-2021-0121 Updated postgresql packages fix security vulnerabilities

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...

USN-4735-1 postgresql-12 vulnerability

Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information...

Information Disclosure

postgresql-13 is vulnerable to information disclosure. An attacker may be able to acquire denied-column values from an error message...