-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCVE-2021-3393.json
72 lines (72 loc) · 3.04 KB
/
CVE-2021-3393.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
{
"CVE-ID": "CVE-2021-3393",
"NVD": {
"Descriptions": "An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.",
"Cvss2_BaseScore": 3.5,
"Cvss3_BaseScore": 4.3,
"Cvss2_VectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"Cvss3_VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CPEs": [
{
"URI": "cpe:/o:redhat:enterprise_linux:8.0",
"FormattedString": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"VersionStartExcluding": "",
"VersionStartIncluding": "",
"VersionEndExcluding": "",
"VersionEndIncluding": ""
},
{
"URI": "cpe:/a:redhat:software_collections:-",
"FormattedString": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"VersionStartExcluding": "",
"VersionStartIncluding": "",
"VersionEndExcluding": "",
"VersionEndIncluding": ""
},
{
"URI": "cpe:/a:postgresql:postgresql",
"FormattedString": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"VersionStartExcluding": "",
"VersionStartIncluding": "",
"VersionEndExcluding": "11.11",
"VersionEndIncluding": ""
},
{
"URI": "cpe:/a:postgresql:postgresql",
"FormattedString": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"VersionStartExcluding": "",
"VersionStartIncluding": "12.0",
"VersionEndExcluding": "12.6",
"VersionEndIncluding": ""
},
{
"URI": "cpe:/a:postgresql:postgresql",
"FormattedString": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"VersionStartExcluding": "",
"VersionStartIncluding": "13.0",
"VersionEndExcluding": "13.2",
"VersionEndIncluding": ""
}
]
},
"Official": {
"11.11": {
"source": [
"https://www.postgresql.org/support/security/11/",
"https://www.postgresql.org/docs/release/11.11/"
]
},
"12.6": {
"source": [
"https://www.postgresql.org/support/security/12/",
"https://www.postgresql.org/docs/release/12.6/"
]
},
"13.2": {
"source": [
"https://www.postgresql.org/support/security/13/",
"https://www.postgresql.org/docs/release/13.2/"
]
}
}
}