Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.
References
Link | Resource |
---|---|
https://github.com/yandex/odyssey/issues/376%2C | |
https://www.postgresql.org/support/security/CVE-2021-23214/ | Not Applicable |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-08-25 18:15
Updated : 2024-02-28 19:29
NVD link : CVE-2021-43766
Mitre link : CVE-2021-43766
CVE.ORG link : CVE-2021-43766
JSON object : View
Products Affected
odyssey_project
- odyssey