CVSS2: 5.1 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low (Percentile: 58.6%)

Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client’s first few queries, despite the use of TLS certificate verification and encryption.
The remaining text in this section is quoted verbatim from PostgreSQL’s CVE-2021-23222 advisory:
> If more preconditions hold, the attacker can exfiltrate the client’s password or other confidential data that might be transmitted early in a session. The attacker must have a way to trick the client’s intended server into making the confidential data accessible to the attacker. A known implementation having that property is a PostgreSQL configuration vulnerable to CVE-2021-23214. As with any exploitation of CVE-2021-23214, the server must be using trust authentication with a clientcert requirement or using cert authentication. To disclose a password, the client must be in possession of a password, which is atypical when using an authentication configuration vulnerable to CVE-2021-23214. The attacker must have some other way to access the server to retrieve the exfiltrated data (a valid, unprivileged login account would be sufficient).
The vulnerability is addressed in PostgresNIO 1.14.2 and later by commit 2df54bc94607f44584ae6ffa74e3cd754fffafc7, which required additional support from SwiftNIO.
There are no known workarounds for unpatched users.
Special thanks to PostgreSQL’s Tom Lane for reporting this issue!
CPE

Name | Operator | Version |
---|---|---|
github.com/vapor/postgres-nio | lt | 1.14.2 |
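
Since there is no workaround, the practical check is whether a project still pins postgres-nio below 1.14.2. The script below is an added example, not code from the advisory or from the PostgresNIO project; it assumes a SwiftPM `Package.resolved` lockfile, the names `audit`, `_key`, `SAMPLE_V1` and `SAMPLE_V2` are hypothetical, and forks or mirrors under other URLs are not matched.

```python
import json

REPO = "github.com/vapor/postgres-nio"  # package named in the affected-versions table
FIXED_KEY = (1, 14, 2, 1)               # 1.14.2 as a release (trailing 1 = not a pre-release)

def _key(version):
    # "1.14.2-rc.1+build" -> (1, 14, 2, 0): a pre-release sorts before its release.
    core, _, pre = version.split("+")[0].partition("-")
    return tuple(int(p) for p in core.split(".")) + (0 if pre else 1,)

def audit(resolved_text):
    """Classify the postgres-nio pin: 'absent', 'vulnerable', 'patched' or 'unknown'."""
    doc = json.loads(resolved_text)
    # Format v1 nests pins under "object"; v2 and later keep them at the top level.
    for pin in doc.get("object", doc).get("pins", []):
        url = (pin.get("location") or pin.get("repositoryURL") or "").lower()
        url = url.replace(":", "/")  # lets git@github.com:vapor/... match too
        if url.endswith(".git"):
            url = url[:-4]
        if not url.endswith(REPO):
            continue
        version = (pin.get("state") or {}).get("version")
        if not version:
            return "unknown"  # branch or bare-revision pin: compare the commit by hand
        return "vulnerable" if _key(version) < FIXED_KEY else "patched"
    return "absent"

# Constructed sample lockfiles (revisions are placeholders, not real commits).
SAMPLE_V2 = json.dumps({"version": 2, "pins": [{
    "identity": "postgres-nio", "kind": "remoteSourceControl",
    "location": "https://github.com/vapor/postgres-nio.git",
    "state": {"revision": "0" * 40, "version": "1.14.1"}}]})
SAMPLE_V1 = json.dumps({"version": 1, "object": {"pins": [{
    "package": "postgres-nio",
    "repositoryURL": "git@github.com:vapor/postgres-nio.git",
    "state": {"branch": None, "revision": "0" * 40, "version": "1.15.0"}}]}})

if __name__ == "__main__":
    for name, text in (("v2 sample", SAMPLE_V2), ("v1 sample", SAMPLE_V1)):
        print(name, "->", audit(text))
```

A result of `unknown` means the dependency is pinned to a branch or revision rather than a tagged version, so the resolved commit has to be compared against the fix commit manually.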
github.com/advisories/GHSA-467w-rrqc-395f
github.com/advisories/GHSA-735f-7qx4-jqq5
github.com/advisories/GHSA-9cfh-vx93-84vv
github.com/apple/swift-nio/pull/2419
github.com/vapor/postgres-nio/commit/2df54bc94607f44584ae6ffa74e3cd754fffafc7
github.com/vapor/postgres-nio/releases/tag/1.14.2
github.com/vapor/postgres-nio/security/advisories/GHSA-9cfh-vx93-84vv
nvd.nist.gov/vuln/detail/CVE-2023-31136
www.postgresql.org/support/security/CVE-2021-23214/
www.postgresql.org/support/security/CVE-2021-23222/