CVE-2021-43767 (GCVE-0-2021-43767)

Vulnerability from cvelistv5 – Published: 2022-08-25 17:27 – Updated: 2024-08-04 04:03
VLAI?
Summary
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Odyssey Affected: Odyssey 1.1
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yandex/odyssey/issues/377%2C"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Odyssey",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Odyssey 1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-25T17:27:39",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yandex/odyssey/issues/377%2C"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2021-43767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Odyssey",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Odyssey 1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.postgresql.org/support/security/CVE-2021-23222/",
              "refsource": "MISC",
              "url": "https://www.postgresql.org/support/security/CVE-2021-23222/"
            },
            {
              "name": "https://github.com/yandex/odyssey/issues/377,",
              "refsource": "MISC",
              "url": "https://github.com/yandex/odyssey/issues/377,"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-43767",
    "datePublished": "2022-08-25T17:27:39",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-04T04:03:08.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.6.0\", \"versionEndExcluding\": \"9.6.24\", \"matchCriteriaId\": \"2E950ED8-CA9E-4C53-BD86-7E1BEF561E9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0\", \"versionEndExcluding\": \"10.19\", \"matchCriteriaId\": \"C495B1CF-63CD-4E10-A9B2-6FD773AD5243\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.14\", \"matchCriteriaId\": \"121A1F97-8480-4C15-AAA6-256CB1C0DD47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.9\", \"matchCriteriaId\": \"1E585815-7CA4-4B66-B222-28064F4600C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.5\", \"matchCriteriaId\": \"D4F8E475-7A26-4157-8E42-91D37845436C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7DAB70A-574C-45E0-BC26-0C980E58907B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.\"}, {\"lang\": \"es\", \"value\": \"Odyssey pasa al cliente bytes no encriptados por el hombre en el medio Cuando el almacenamiento de Odyssey est\\u00e1 configurado para usar el servidor PostgreSQL usando autenticaci\\u00f3n \\\"trust\\\" con un requisito \\\"clientcert\\\" o para usar autenticaci\\u00f3n \\\"cert\\\", un atacante hombre en el medio puede inyectar respuestas falsas a las primeras consultas del cliente. A pesar del uso de la verificaci\\u00f3n y el cifrado del certificado SSL, Odyssey pasar\\u00e1 estos resultados al cliente como si hubieran sido originados en un servidor v\\u00e1lido. Esto es similar a CVE-2021-23222 para PostgreSQL.\"}]",
      "id": "CVE-2021-43767",
      "lastModified": "2024-11-21T06:29:45.000",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2022-08-25T18:15:09.377",
      "references": "[{\"url\": \"https://github.com/yandex/odyssey/issues/377%2C\", \"source\": \"patrick@puiterwijk.org\"}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2021-23222/\", \"source\": \"patrick@puiterwijk.org\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/yandex/odyssey/issues/377%2C\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.postgresql.org/support/security/CVE-2021-23222/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "patrick@puiterwijk.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"patrick@puiterwijk.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-43767\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2022-08-25T18:15:09.377\",\"lastModified\":\"2024-11-21T06:29:45.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.\"},{\"lang\":\"es\",\"value\":\"Odyssey pasa al cliente bytes no encriptados por el hombre en el medio Cuando el almacenamiento de Odyssey est\u00e1 configurado para usar el servidor PostgreSQL usando autenticaci\u00f3n \\\"trust\\\" con un requisito \\\"clientcert\\\" o para usar autenticaci\u00f3n \\\"cert\\\", un atacante hombre en el medio puede inyectar respuestas falsas a las primeras consultas del cliente. A pesar del uso de la verificaci\u00f3n y el cifrado del certificado SSL, Odyssey pasar\u00e1 estos resultados al cliente como si hubieran sido originados en un servidor v\u00e1lido. Esto es similar a CVE-2021-23222 para PostgreSQL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6.0\",\"versionEndExcluding\":\"9.6.24\",\"matchCriteriaId\":\"2E950ED8-CA9E-4C53-BD86-7E1BEF561E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.19\",\"matchCriteriaId\":\"C495B1CF-63CD-4E10-A9B2-6FD773AD5243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.14\",\"matchCriteriaId\":\"121A1F97-8480-4C15-AAA6-256CB1C0DD47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.9\",\"matchCriteriaId\":\"1E585815-7CA4-4B66-B222-28064F4600C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.5\",\"matchCriteriaId\":\"D4F8E475-7A26-4157-8E42-91D37845436C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DAB70A-574C-45E0-BC26-0C980E58907B\"}]}]}],\"references\":[{\"url\":\"https://github.com/yandex/odyssey/issues/377%2C\",\"source\":\"patrick@puiterwijk.org\"},{\"url\":\"https://www.postgresql.org/support/security/CVE-2021-23222/\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/yandex/odyssey/issues/377%2C\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.postgresql.org/support/security/CVE-2021-23222/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.