Hide Forgot
A user having SELECT privilege on one column can craft a special query that returns all columns of the table. The PostgreSQL project thanks Sven Klemm for reporting this problem.
Acknowledgments: Name: Sven Klemm
Created mingw-postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927862] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927861] Created postgresql:10/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927860] Created postgresql:11/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927864] Created postgresql:12/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927863] Created postgresql:9.6/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1927859]
Hey folks, this bug only affects Postgres 13.x, not earlier release branches. See https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=c028faf2a
Upstream advisory: https://www.postgresql.org/support/security/CVE-2021-20229/