CVE-2021-23214

Updated: 2024-03-19 02:53:58.540329

Description:

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS version | Severity | Score
CVSS Version 2.x | MEDIUM | 5.1
CVSS Version 3.x | HIGH | 8.1

Status

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated
CentOS 7 ELS | postgresql | 9.2.24 | 8.1 | HIGH | In Rollout | CLSA-2024:1712837808 | 2024-04-11 10:04:18
Ubuntu 16.04 ELS | postgresql-9.5 | 9.5.25-0 | 8.1 | HIGH | Released | CLSA-2022:1657814447 | 2022-07-18 08:59:50