← Back

CVE-2020-25694

nvd nist
Published: Nov 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (7)

Postgresql
1 product
Postgresql
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
Postgresql
Before 9.5.24
Postgresql
From 10.0 to 10.15
Postgresql
From 11.0 to 11.10
Postgresql
From 12.0 to 12.5
Postgresql
From 13.0 to 13.1
Postgresql
From 9.6.0 to 9.6.20
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

References (10)

Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Mailing ListPatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.