CVE-2021-22028

Summary

In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/agpfdist (Greenplum)gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References