BIT-postgresql-2021-23214
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2021-23214.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-postgresql-2021-23214
- Aliases
- Published
- 2024-03-06T11:05:31.701Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
- Database specific
{ "cpes": [ "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*" ], "severity": "High" }- References
-
- https://bugzilla.redhat.com/show_bug.cgi?id=2022666
- https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951
- https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951
- https://security.gentoo.org/glsa/202211-04
- https://www.postgresql.org/support/security/CVE-2021-23214/
Affected packages
Bitnami / postgresql
Package
- Name
- postgresql
- Purl
- pkg:bitnami/postgresql
Severity
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.6.24Introduced10.0.0Fixed10.19.0Introduced11.0.0Fixed11.14.0Introduced12.0.0Fixed12.9.0Introduced13.0.0Fixed13.5.0
- Type
- SEMVER
- Events
-
Introduced14.0.0Last affected14.0.0