Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by Greenplum
CVE-2021-22028 (GCVE-0-2021-22028)
Vulnerability from cvelistv5 – Published: 2021-11-19 16:17 – Updated: 2024-08-03 18:30
VLAI
Summary
In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.
Severity
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/greenplum-db/gpdb/security/adv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | gpfdist (Greenplum) |
Affected:
gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gpfdist (Greenplum)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T16:17:47.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpfdist (Greenplum)",
"version": {
"version_data": [
{
"version_value": "gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2",
"refsource": "MISC",
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22028",
"datePublished": "2021-11-19T16:17:47.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22030 (GCVE-0-2021-22030)
Vulnerability from cvelistv5 – Published: 2021-11-19 16:04 – Updated: 2024-08-03 18:30
VLAI
Summary
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users
Severity
No CVSS data available.
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/greenplum-db/gpdb/security/adv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GPDB (Greenplum database) |
Affected:
gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPDB (Greenplum database)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T16:04:46.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPDB (Greenplum database)",
"version": {
"version_data": [
{
"version_value": "gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr",
"refsource": "MISC",
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22030",
"datePublished": "2021-11-19T16:04:46.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22028 (GCVE-0-2021-22028)
Vulnerability from nvd – Published: 2021-11-19 16:17 – Updated: 2024-08-03 18:30
VLAI
Summary
In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.
Severity
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/greenplum-db/gpdb/security/adv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | gpfdist (Greenplum) |
Affected:
gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gpfdist (Greenplum)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T16:17:47.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gpfdist (Greenplum)",
"version": {
"version_data": [
{
"version_value": "gpfdist (Greenplum) versions 6.x.0 prior to 6.14.0 and 5.28.x prior to 5.28.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2",
"refsource": "MISC",
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hqh5-m87w-57w2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22028",
"datePublished": "2021-11-19T16:17:47.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22030 (GCVE-0-2021-22030)
Vulnerability from nvd – Published: 2021-11-19 16:04 – Updated: 2024-08-03 18:30
VLAI
Summary
In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users
Severity
No CVSS data available.
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/greenplum-db/gpdb/security/adv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GPDB (Greenplum database) |
Affected:
gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPDB (Greenplum database)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T16:04:46.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPDB (Greenplum database)",
"version": {
"version_data": [
{
"version_value": "gpfdist (Greenplum) versions 6.x prior to 6.17.0 and 5.28.x prior to 5.28.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr",
"refsource": "MISC",
"url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-c7w8-gx27-h4mr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22030",
"datePublished": "2021-11-19T16:04:46.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000008
Vulnerability from jvndb - Published: 2018-02-02 12:28 - Updated:2018-06-14 13:48
Severity
Summary
Spring Security and Spring Framework vulnerable to authentication bypass
Details
Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability.
Macchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000008.html",
"dc:date": "2018-06-14T13:48+09:00",
"dcterms:issued": "2018-02-02T12:28+09:00",
"dcterms:modified": "2018-06-14T13:48+09:00",
"description": "Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability.\r\n\r\nMacchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000008.html",
"sec:cpe": [
{
"#text": "cpe:/a:greenplum:spring_framework",
"@product": "Spring Framework",
"@vendor": "Greenplum",
"@version": "2.2"
},
{
"#text": "cpe:/a:greenplum:spring_security",
"@product": "Spring Security",
"@vendor": "Greenplum",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15643848/index.html",
"@id": "JVN#15643848",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199",
"@id": "CVE-2018-1199",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1199",
"@id": "CVE-2018-1199",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Spring Security and Spring Framework vulnerable to authentication bypass"
}