CVE-2021-22030

Summary

In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users

Affected Software

VendorProductVersion RangeStatus
n/aGPDB (Greenplum database)gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CVE Program Container

Additional References

References