PostgreSQL CVE-2021-3393 Information Disclosure Vulnerability

description-logoDescription

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar toCVE-2014-8161, but the conditions to exploit are more rare.

affected-products-logoAffected Applications

PostgreSQL

CVE References

CVE-2021-3393