Sensitive Information storage in logs of database

Low
divyabhargov published GHSA-c7w8-gx27-h4mr Nov 17, 2021

Package

GPDB (GPDB)

Affected versions

< 5.28.14
< 6.17.0

Patched versions

5.28.14
6.17.0

Description

In versions of Greenplum Database prior to 5.28.14 and 6.17.0, the execution of certain statements led to sensitive (credential) information being stored in the database logs.

A malicious user with access to the logs can read sensitive (credential) information about users.

Patches

[5X] 1808c4d
[6X] 098d517

Credits

Thanks to ZTE Corporation and the researchers Zhou Guangtan, Lou Aizhen and Duan Feilei for reporting the vulnerability to us.

Severity

Low

CVE ID

CVE-2021-22030

Weaknesses

No CWEs