Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
References
Link | Resource |
---|---|
https://github.com/yandex/odyssey/issues/376%2C | |
https://www.postgresql.org/support/security/CVE-2021-23214/ | Not Applicable |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fedora
Published: 2022-08-25T17:27:31
Updated: 2022-08-25T17:27:31
Reserved: 2021-11-15T00:00:00
Link: CVE-2021-43766
JSON object: View
NVD Information
Status : Modified
Published: 2022-08-25T18:15:09.317
Modified: 2023-11-07T03:39:25.563
Link: CVE-2021-43766
JSON object: View
Redhat Information
No data.