Threat Encyclopedia

PostgreSQL: Partition constraint violation errors leak values of denied columns

Description

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to exploit are more rare.

Affected Products

PostgreSQL

CVE References

CVE-2021-3393