Threat Encyclopedia

PostgreSQL: Partition constraint violation errors leak values of denied columns


A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to exploit are more rare.

Affected Products


CVE References