Описание
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters. In Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Quarkus | postgresql | Not affected | ||
| Red Hat Decision Manager 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 9 | postgresql | Not affected | ||
| Red Hat Fuse 7 | postgresql | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | postgresql | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | postgresql | Not affected | ||
| Red Hat Process Automation 7 | postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...
Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL
EPSS
8.1 High
CVSS3