vulnerability
CentOS Linux: CVE-2021-23214: Moderate: postgresql:12 security update (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | Dec 21, 2021 | Dec 22, 2021 | May 25, 2023 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
Dec 21, 2021
Added
Dec 22, 2021
Modified
May 25, 2023
Description
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Solution(s)
centos-upgrade-pg_repackcentos-upgrade-pg_repack-debuginfocentos-upgrade-pg_repack-debugsourcecentos-upgrade-pgauditcentos-upgrade-pgaudit-debuginfocentos-upgrade-pgaudit-debugsourcecentos-upgrade-postgres-decoderbufscentos-upgrade-postgres-decoderbufs-debuginfocentos-upgrade-postgres-decoderbufs-debugsourcecentos-upgrade-postgresqlcentos-upgrade-postgresql-contribcentos-upgrade-postgresql-contrib-debuginfocentos-upgrade-postgresql-debuginfocentos-upgrade-postgresql-debugsourcecentos-upgrade-postgresql-docscentos-upgrade-postgresql-docs-debuginfocentos-upgrade-postgresql-plperlcentos-upgrade-postgresql-plperl-debuginfocentos-upgrade-postgresql-plpython3centos-upgrade-postgresql-plpython3-debuginfocentos-upgrade-postgresql-pltclcentos-upgrade-postgresql-pltcl-debuginfocentos-upgrade-postgresql-servercentos-upgrade-postgresql-server-debuginfocentos-upgrade-postgresql-server-develcentos-upgrade-postgresql-server-devel-debuginfocentos-upgrade-postgresql-staticcentos-upgrade-postgresql-testcentos-upgrade-postgresql-test-debuginfocentos-upgrade-postgresql-test-rpm-macroscentos-upgrade-postgresql-upgradecentos-upgrade-postgresql-upgrade-debuginfocentos-upgrade-postgresql-upgrade-develcentos-upgrade-postgresql-upgrade-devel-debuginfo
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.