Technical Advisory 75758

On this page Carat arrow pointing down

Publication date: February 10, 2022


Under some circumstances, all users, including users without the admin role or CANCELQUERY option, are able to cancel any other users' sessions on the Sessions page of the DB Console on CockroachDB v20.2, v21.1, and v21.2.

This issue is fixed in v20.2.19, v21.1.14, and v21.2.5.


This issue is resolved in CockroachDB by #75814. The fix has been applied to maintenance versions v20.2.19, v21.1.14, and v21.2.5 of CockroachDB.

This public issue is tracked as #75758.


Users of CockroachDB are encouraged to upgrade to a maintenance version with the fix applied: v20.2.19, v21.1.14, or v21.2.5.


All deployments up to v20.2.18, v21.1.13, and v21.2.4 are affected.

Users without the appropriate permissions may cancel any other users' sessions from the DB Console.

Questions about any technical alert can be directed to our support team.

Yes No
On this page

Yes No