CVE-2021-23214

Public on 2022-03-04
Modified on 2023-05-01
Description
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Severity
Medium severity
Medium
CVSS v3 Base Score
8.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 2 - Core postgresql 2023-02-17 ALAS2-2023-1949 Fixed
HAQM Linux 2023 postgresql15 Not Affected
HAQM Linux 1 postgresql92 2023-01-18 ALAS-2023-1657 Fixed
HAQM Linux 1 postgresql93 2023-01-18 ALAS-2023-1658 Fixed
HAQM Linux 1 postgresql94 2023-01-18 ALAS-2023-1659 Fixed
HAQM Linux 1 postgresql95 2023-01-18 ALAS-2023-1660 Fixed
HAQM Linux 1 postgresql96 2023-01-18 ALAS-2023-1661 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv3 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H