CVE-2021-43767 - OpenCVE

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postgresql	Postgresql

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:14.0:::::::*

No data.

References

Link	Providers
https://github.com/yandex/odyssey/issues/377%2C
https://www.postgresql.org/support/security/CVE-2021-23222/

History

No history.

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2022-08-25T17:27:39

Updated: 2024-08-04T04:03:08.608Z

Reserved: 2021-11-15T00:00:00

Link: CVE-2021-43767

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-25T18:15:09.377

Modified: 2023-11-07T03:39:25.637

Link: CVE-2021-43767

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Odyssey", "vendor": "n/a", "versions": [{"status": "affected", "version": "Odyssey 1.1"}]}], "descriptions": [{"lang": "en", "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-25T17:27:39", "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/yandex/odyssey/issues/377%2C"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "patrick@puiterwijk.org", "ID": "CVE-2021-43767", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Odyssey", "version": {"version_data": [{"version_value": "Odyssey 1.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522"}]}]}, "references": {"reference_data": [{"name": "https://www.postgresql.org/support/security/CVE-2021-23222/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"}, {"name": "https://github.com/yandex/odyssey/issues/377,", "refsource": "MISC", "url": "https://github.com/yandex/odyssey/issues/377,"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.608Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/yandex/odyssey/issues/377%2C"}]}]}, "cveMetadata": {"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "cveId": "CVE-2021-43767", "datePublished": "2022-08-25T17:27:39", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-04T04:03:08.608Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E950ED8-CA9E-4C53-BD86-7E1BEF561E9A", "versionEndExcluding": "9.6.24", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C495B1CF-63CD-4E10-A9B2-6FD773AD5243", "versionEndExcluding": "10.19", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "121A1F97-8480-4C15-AAA6-256CB1C0DD47", "versionEndExcluding": "11.14", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E585815-7CA4-4B66-B222-28064F4600C7", "versionEndExcluding": "12.9", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4F8E475-7A26-4157-8E42-91D37845436C", "versionEndExcluding": "13.5", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7DAB70A-574C-45E0-BC26-0C980E58907B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."}, {"lang": "es", "value": "Odyssey pasa al cliente bytes no encriptados por el hombre en el medio Cuando el almacenamiento de Odyssey est\u00e1 configurado para usar el servidor PostgreSQL usando autenticaci\u00f3n \"trust\" con un requisito \"clientcert\" o para usar autenticaci\u00f3n \"cert\", un atacante hombre en el medio puede inyectar respuestas falsas a las primeras consultas del cliente. A pesar del uso de la verificaci\u00f3n y el cifrado del certificado SSL, Odyssey pasar\u00e1 estos resultados al cliente como si hubieran sido originados en un servidor v\u00e1lido. Esto es similar a CVE-2021-23222 para PostgreSQL."}], "id": "CVE-2021-43767", "lastModified": "2023-11-07T03:39:25.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T18:15:09.377", "references": [{"source": "patrick@puiterwijk.org", "url": "https://github.com/yandex/odyssey/issues/377%2C"}, {"source": "patrick@puiterwijk.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}