### [CVE-2021-3393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3393)
![](https://img.shields.io/static/v1?label=Product&message=postgresql&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=postgresql%2013.2%2C%20postgresql%2012.6%2C%20postgresql%2011.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-209&color=brightgreen)

### Description

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/n0-traces/cve_monitor
- https://github.com/pedr0alencar/vlab-metasploitable2