In versions of Greenplum Database prior to 5.28.14 and 6.17.0, executing certain statements caused sensitive (credential) information to be stored in the database logs.
A malicious user with access to the logs can read sensitive (credential) information about users.
Patches
[5X] 1808c4d
[6X] 098d517
Credits
Thanks to ZTE Corporation and the researchers Zhou Guangtan, Lou Aizhen and Duan Feilei for reporting the vulnerability to us.