When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

CPE name | Operator | Version |
---|---|---|
fedora | eq | 34 |
fedora | eq | 35 |
postgresql | ge | 10.0 |
postgresql | lt | 10.19 |
postgresql | ge | 11.0 |
postgresql | lt | 11.14 |
postgresql | ge | 12.0 |
postgresql | lt | 12.9 |
postgresql | ge | 13.0 |
postgresql | lt | 13.5 |
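
An exposure check for the two conditions above, added here as an illustration and not taken from the advisory or the PostgreSQL project: it flags `pg_hba.conf` rules that use `cert` authentication or `trust` with a `clientcert` requirement, and tests a server version against the ranges in the table. The function names and the sample configuration are constructed for this example, and versions are assumed to be given as `major.minor`.

```python
# Added example (not from the advisory): flag pg_hba.conf rules and server
# versions that match the conditions in the description and table above.
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
           "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}
# First unaffected minor release per major branch, from the version table.
FIXED = {10: 19, 11: 14, 12: 9, 13: 5}

def version_affected(version):
    """True if a 'major.minor' PostgreSQL version is inside a listed range."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return major in FIXED and minor < FIXED[major]

def risky_hba_rules(text):
    """Return (line_no, rule) for cert auth or trust + clientcert rules."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        # Only TCP records that can carry SSL connections are relevant.
        if len(tok) < 5 or tok[0] not in ("host", "hostssl"):
            continue
        # The method is field 5, or field 6 when a separate netmask is given.
        at = 4 if tok[4] in METHODS else 5
        if at >= len(tok):
            continue
        method = tok[at]
        opts = dict(o.split("=", 1) for o in tok[at + 1:] if "=" in o)
        wants_cert = opts.get("clientcert", "0") not in ("0", "no-verify")
        if method == "cert" or (method == "trust" and wants_cert):
            hits.append((no, " ".join(tok)))
    return hits

# Constructed sample configuration for illustration.
SAMPLE_HBA = """\
# TYPE   DATABASE USER ADDRESS        METHOD
local    all      all                 peer
hostssl  all      all  10.0.0.0/8     cert
hostssl  app      app  10.1.0.0 255.255.0.0 trust clientcert=verify-full
hostssl  all      all  0.0.0.0/0      scram-sha-256
host     all      all  127.0.0.1/32   trust
"""

if __name__ == "__main__":
    for no, rule in risky_hba_rules(SAMPLE_HBA):
        print(f"line {no}: {rule}")
    print("13.4 affected:", version_affected("13.4"))
```

A server is in scope only when both checks are positive: the version falls in a listed range and at least one rule is flagged.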