CVE Vulnerability

CVE-2021-43766

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.postgresql.org/support/security/CVE-2021-23214/ Not Applicable
https://github.com/yandex/odyssey/issues/376, Broken Link
Configurations

Configuration 1

cpe:2.3:a:odyssey_project:odyssey:1.1:*:*:*:*:*:*:*
Information

Published : 2022-08-25 06:15

Updated : 2022-12-21 03:01

NVD link : CVE-2021-43766

Mitre link : CVE-2021-43766

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation