PT-2021-5077 · Unknown+11 · Postgresql+10

Jacob Champion · Published 2021-11-10 · Updated 2026-04-03 · CVE-2021-23214

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to the fixed version

Description: The issue is a man-in-the-middle attack that applies when the server is configured to use trust authentication with a clientcert requirement, or to use cert authentication. It allows an attacker to inject arbitrary SQL queries at the moment a connection is first established, despite SSL certificate verification and encryption being in use. The vulnerability stems from a lack of protection for the SQL query structure and can enable a remote attacker to execute arbitrary code.

Recommendations: For versions prior to the fixed version, consider disabling trust authentication with a clientcert requirement, and cert authentication, until a patch is available. Restrict access to the SQL query structure to minimize the risk of exploitation. Avoid unencrypted connections to prevent man-in-the-middle attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
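The recommendation above depends on knowing which pg_hba.conf entries actually use the two configurations the advisory names (the cert method, or trust combined with a clientcert requirement). The following audit script is an added example written for this record; it is not PostgreSQL project code and assumes the standard pg_hba.conf column layout (TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS]) and the documented clientcert values, where 0 and no-verify mean no certificate is required. The sample configuration embedded in it is constructed for the demo.

```python
"""Audit pg_hba.conf entries for the auth setups named in the advisory.
Added example for this record; not PostgreSQL project code."""
import shlex

# Methods PostgreSQL accepts in the METHOD column of pg_hba.conf.
AUTH_METHODS = {
    "trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
    "ident", "peer", "ldap", "radius", "cert", "pam", "bsd",
}

# clientcert= values under which no client certificate is demanded.
CLIENTCERT_OFF = {"0", "no-verify"}

# Constructed sample pg_hba.conf for the demo; not taken from any deployment.
SAMPLE_HBA = """\
# constructed sample pg_hba.conf (not from any real deployment)
local   all  all                            peer
hostssl all  all  10.0.0.0/8                cert
hostssl all  all  10.0.0.0/8                trust clientcert=verify-ca
hostssl all  all  192.168.1.0 255.255.255.0 trust clientcert=1
hostssl all  all  ::/0                      trust clientcert=no-verify
host    all  all  0.0.0.0/0                 scram-sha-256
hostssl all  all  ::/0                      md5 clientcert=verify-full
"""


def parse_hba_line(line):
    """Return (method, options) for one pg_hba.conf entry, or None for a
    blank or comment-only line. Options are the tokens after METHOD."""
    tokens = shlex.split(line, comments=True)
    if not tokens:
        return None
    # TYPE, DATABASE and USER occupy columns 0-2. ADDRESS is absent for
    # 'local' and may be one token (CIDR) or two (address + netmask), so
    # METHOD is the first recognised method name at column 3 or later.
    for i in range(3, len(tokens)):
        if tokens[i] in AUTH_METHODS:
            return tokens[i], tokens[i + 1:]
    return None


def requires_client_cert(options):
    """True if the entry's options demand a client certificate."""
    for opt in options:
        if opt.startswith("clientcert="):
            return opt.split("=", 1)[1] not in CLIENTCERT_OFF
    return False


def audit_hba(text):
    """Return [(line_no, entry, reason)] for entries using the configurations
    the advisory names: the 'cert' method, or 'trust' with a clientcert requirement."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_hba_line(line)
        if parsed is None:
            continue
        method, options = parsed
        if method == "cert":
            findings.append((line_no, line.strip(), "cert authentication"))
        elif method == "trust" and requires_client_cert(options):
            findings.append((line_no, line.strip(),
                             "trust authentication with clientcert requirement"))
    return findings


if __name__ == "__main__":
    # On a real host, replace SAMPLE_HBA with open("/path/to/pg_hba.conf").read()
    for line_no, entry, reason in audit_hba(SAMPLE_HBA):
        print(f"line {line_no}: {reason}: {entry}")
```

Run against the sample, the script flags lines 3, 4 and 5 (cert; trust with verify-ca; trust with the legacy clientcert=1) and leaves the trust entry with clientcert=no-verify and the md5 entry alone, since those are not the configurations the advisory describes. Plain trust entries without any clientcert option are outside the advisory's scope and are also not reported.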

Weakness Enumeration

SQL injection

Insufficiently Protected Credentials

Missing Encryption of Sensitive Data

Related Identifiers

ALSA-2021:5235
ALSA-2021:5236
ALSA-2022:1830
ALT-PU-2021-3250
ALT-PU-2021-3251
ALT-PU-2021-3252
ALT-PU-2021-3253
ALT-PU-2021-3254
ALT-PU-2021-3255
ALT-PU-2021-3345
ALT-PU-2021-3346
ALT-PU-2021-3347
ALT-PU-2021-3348
ALT-PU-2021-3349
ALT-PU-2021-3350
ALT-PU-2021-3459
ALT-PU-2021-3460
ALT-PU-2021-3461
ALT-PU-2021-3462
ALT-PU-2021-3463
ALT-PU-2021-3564
ALT-PU-2021-3565
ALT-PU-2021-3566
ALT-PU-2021-3567
ALT-PU-2021-3600
ALT-PU-2022-1109
AZL-8973
BDU:2021-05857
BDU:2021-05996
BIT-POSTGRESQL-2021-23214
CESA-2021_5235
CESA-2021_5236
CESA-2022_1830
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2021-23214
DLA-2817-1
DSA-5006-1
DSA-5007-1
ECHO-75EA-A96E-C256
GHSA-9CFH-VX93-84VV
JLSEC-2026-29
MGASA-2021-0523
OESA-2022-1575
OESA-2022-1598
OESA-2022-2061
OPENSUSE-SU-2021:1584-1
OPENSUSE-SU-2021:3758-1
OPENSUSE-SU-2021:3759-1
OPENSUSE-SU-2021:3762-1
OPENSUSE-SU-2021:4058-1
OPENSUSE-SU-2021_1584-1
OPENSUSE-SU-2021_3758-1
OPENSUSE-SU-2021_3759-1
OPENSUSE-SU-2021_3762-1
OPENSUSE-SU-2021_4058-1
OPENSUSE-SU-2024:11625-1
OPENSUSE-SU-2024:11626-1
OPENSUSE-SU-2024:11627-1
OPENSUSE-SU-2024:11628-1
OPENSUSE-SU-2024:11629-1
OPENSUSE-SU-2024:13243-1
OPENSUSE-SU-2024:14360-1
OPENSUSE-SU-2025:15580-1
RHSA-2021:5179
RHSA-2021:5197
RHSA-2021:5235
RHSA-2021:5236
RHSA-2021_5235
RHSA-2021_5236
RHSA-2022:1830
RHSA-2022_1830
RLSA-2021:5235
RLSA-2021:5236
RLSA-2022:1830
SUSE-SU-2021:3755-1
SUSE-SU-2021:3757-1
SUSE-SU-2021:3758-1
SUSE-SU-2021:3759-1
SUSE-SU-2021:3760-1
SUSE-SU-2021:3761-1
SUSE-SU-2021:3762-1
SUSE-SU-2021:4058-1
SUSE-SU-2021_3755-1
SUSE-SU-2021_3757-1
SUSE-SU-2021_3758-1
SUSE-SU-2021_3759-1
SUSE-SU-2021_3760-1
SUSE-SU-2021_3761-1
SUSE-SU-2021_3762-1
SUSE-SU-2021_4058-1
SUSE-SU-2022:2893-1
SUSE-SU-2022:2958-1
SUSE-SU-2022_2893-1
SUSE-SU-2022_2958-1
USN-5145-1
USN-5645-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Postgresql
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu