VDB
BIT-postgresql-2021-23214
PUBLISHED
CVSS 8.1 HIGH
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. The underlying defect is that the server kept processing any plaintext bytes that arrived together with the client's SSLRequest (or GSSENCRequest) packet after the encrypted session had been set up, treating them as if they had come over the encrypted channel; the upstream fix (commit 28e24125541545483093819efae9bca603441951, "Reject extraneous data after SSL or GSS encryption handshake") drops the connection instead. The two configurations named above are the ones where no credential is exchanged after the handshake, so the injected startup packet and queries run as the certificate-identified user. The fix shipped in PostgreSQL 14.1, 13.5, 12.9, 11.14, 10.19 and 9.6.24.
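The following pg_hba.conf audit is an added example and is not code from Bitnami, this record, or the PostgreSQL project. It flags exactly the two conditions named in the description: METHOD `cert`, or METHOD `trust` combined with a `clientcert` option that demands a certificate (`1`, `verify-ca` or `verify-full`). The function names, the `Finding` type and the sample pg_hba.conf are all constructed for this illustration; the classic one-record-per-line format is assumed, and `include` directives of newer releases and `hostgssenc` records are not modelled. A match means the server is exposed if it is also an unpatched version and an attacker can sit on the network path; the actual remediation is upgrading to a fixed release.

```python
"""Audit a pg_hba.conf for the authentication setups named in CVE-2021-23214.

Added example, not Bitnami's or PostgreSQL's own code. Flags host-type
records whose authentication completes with no secret beyond the TLS client
certificate: METHOD `cert`, or METHOD `trust` plus a clientcert option that
requires a certificate (1, verify-ca, verify-full).
"""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# clientcert values that make the server require a client certificate.
# ("0" / "no-verify" leave it optional, so they are deliberately not listed.)
CLIENTCERT_REQUIRED = {"1", "verify-ca", "verify-full"}

# Record types that can carry a TLS connection (hostgssenc is GSS-only and
# cannot use cert/clientcert, so it is left out of this check).
TLS_CAPABLE_TYPES = {"host", "hostssl", "hostnogssenc"}

# A netmask token: only hex digits, dots and colons (e.g. 255.255.255.0).
_NETMASK_RE = re.compile(r"^[0-9a-fA-F.:]+$")


@dataclass
class Finding:
    lineno: int
    record: str
    reason: str


def parse_record(line: str) -> Optional[Dict]:
    """Split one pg_hba.conf line into type, method and auth options.

    Returns None for blank lines, comments, `local` records and anything
    that is not a host-type record. Handles both the CIDR form and the
    older 'ADDRESS NETMASK' two-token form of the address column.
    """
    tokens = shlex.split(line, comments=True)
    if len(tokens) < 5 or tokens[0].lower() not in TLS_CAPABLE_TYPES:
        return None
    idx = 4  # TYPE DATABASE USER ADDRESS -> METHOD is normally token 4 ...
    address = tokens[3]
    # ... unless ADDRESS is 'ip netmask', which shifts METHOD one to the right.
    if "/" not in address and _NETMASK_RE.match(tokens[idx]) and (
        "." in tokens[idx] or ":" in tokens[idx]
    ):
        idx += 1
    if idx >= len(tokens):
        return None
    options: Dict[str, str] = {}
    for tok in tokens[idx + 1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            options[key.lower()] = value
    return {"type": tokens[0].lower(), "method": tokens[idx].lower(), "options": options}


def classify(record: Dict) -> Optional[str]:
    """Reason the record matches the CVE-2021-23214 condition, or None if it does not."""
    method = record["method"]
    clientcert = record["options"].get("clientcert", "").lower()
    if method == "cert":
        return "METHOD cert: identity comes solely from the client certificate"
    if method == "trust" and clientcert in CLIENTCERT_REQUIRED:
        return f"METHOD trust with clientcert={clientcert}: no credential exchanged after the TLS handshake"
    return None


def audit_pg_hba(text: str) -> List[Finding]:
    """Return one Finding per pg_hba.conf record that matches the vulnerable pattern."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        record = parse_record(line)
        if record is None:
            continue
        reason = classify(record)
        if reason:
            findings.append(Finding(lineno, line.strip(), reason))
    return findings


# Constructed sample pg_hba.conf for demonstration; not taken from any real deployment.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                     METHOD [OPTIONS]
local   all       all                               peer
hostssl all       all   10.0.0.0/8                  cert
hostssl all       all   192.168.1.0 255.255.255.0   trust clientcert=verify-full
hostssl all       all   ::/0                        scram-sha-256 clientcert=verify-full
host    all       all   0.0.0.0/0                   md5
hostssl all       all   0.0.0.0/0                   trust clientcert=0
"""

if __name__ == "__main__":
    for f in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {f.lineno}: {f.reason}\n    {f.record}")
```

In the constructed sample only lines 3 and 4 are reported. Line 5 combines a client certificate with `scram-sha-256`, which does not match the description's condition because a password exchange still follows the handshake; line 7 uses `trust` with `clientcert=0`, so the certificate is optional and the record is outside the scope of this CVE (plain `trust` over the network is a separate problem this check does not cover).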
Risk Scores
CVSS v3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Affected version ranges (lower bounds as listed; upper bounds not preserved in this listing) |
|---|---|---|
| Bitnami | postgresql | 0, 10.0.0, 11.0.0 |
Timeline
- Mar 6, 2024: BIT-postgresql-2021-23214 record published (the upstream CVE-2021-23214 itself dates from November 2021)
- Apr 3, 2025: record updated
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2022666
- https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951
- https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951
- https://security.gentoo.org/glsa/202211-04
- https://www.postgresql.org/support/security/CVE-2021-23214/
- https://nvd.nist.gov/vuln/detail/CVE-2021-23214