Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data
Vulnerability Description
PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
DALIBO PostgreSQL Anonymizer 安全漏洞
Vulnerability Description
DALIBO PostgreSQL Anonymizer是法国(DALIBO)公司的一个用于屏蔽或替换 PostgreSQL 数据库中的个人身份信息 (PII) 或商业敏感数据的扩展软件。 DALIBO PostgreSQL Anonymizer v2.0版本和v2.1版本存在安全漏洞,该漏洞源于允许绕过掩码规则读取原始数据。
CVSS Information
N/A
Vulnerability Type
N/A