Bug 1925296 (CVE-2021-20229)

Summary: CVE-2021-20229 postgresql: single-column SELECT privilege enables reading all columns
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: aileenc, akoufoud, alazarot, anon.amish, anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, databases-maint, devrim, dkreling, dosoudil, eleandro, gmalinko, gsmet, hhorak, ibek, iweiss, janstey, jmlich83, jochrist, jorton, jpallich, jperkins, jwon, kaycoth, kverlaen, kwills, lgao, lthon, mike, mnovotny, msochure, msvehla, nwallace, pgallagh, pjindal, pkubat, pmackay, praiskup, probinso, rguimara, rruss, rstancel, rsvoboda, sbiarozk, smaestri, tgl, tom.jenkinson
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: postgresql 13.2 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in PostgreSQL. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1927601, 1927602, 1927603, 1927604, 1927605, 1927606, 1927859, 1927860, 1927861, 1927862, 1927863, 1927864, 1967266, 1967267, 1967278, 1967279, 1967280, 1967281, 1967282, 1967283    
Bug Blocks: 1925298, 1925300    

Description Guilherme de Almeida Suckevicz 2021-02-04 19:53:05 UTC 
A user having SELECT privilege on one column can craft a special query that returns all columns of the table.

The PostgreSQL project thanks Sven Klemm for reporting this problem.
Comment 1 Guilherme de Almeida Suckevicz 2021-02-04 19:53:14 UTC 
Acknowledgments:

Name: Sven Klemm
Comment 3 Guilherme de Almeida Suckevicz 2021-02-11 17:02:04 UTC 
Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927862]


Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927861]


Created postgresql:10/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927860]


Created postgresql:11/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927864]


Created postgresql:12/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927863]


Created postgresql:9.6/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1927859]
Comment 5 Tom Lane 2021-03-05 14:43:57 UTC 
Hey folks, this bug only affects Postgres 13.x, not earlier release branches.  See

https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=c028faf2a
Comment 6 Tomas Hoger 2021-06-04 08:23:19 UTC 
Upstream advisory:

https://www.postgresql.org/support/security/CVE-2021-20229/