Unrated severityNVD Advisory· Published Aug 25, 2022· Updated Aug 4, 2024

CVE-2021-43767

Description

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.

Affected products

osv-coords
pkg:bitnami/postgresql
Range: >= 9.6.0, < 9.6.24

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/yandex/odyssey/issues/377%2Cmitrex_refsource_MISC
www.postgresql.org/support/security/CVE-2021-23222/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000