Vulnerability Description
Odyssey passes to the server unencrypted bytes from a man-in-the-middle. When Odyssey is configured to use the certificate Common Name (CN) for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL, where plaintext bytes that an attacker appends to the client's SSL request before the TLS handshake are read by the server as though they belonged to the encrypted, authenticated session.
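The following is an added example, not code from the Odyssey project, showing the pre-TLS byte-injection pattern that CVE-2021-23214 describes and the check that defeats it. It assumes the Odyssey bug has the same shape as the PostgreSQL one (plaintext trailing the 8-byte libpq SSLRequest before the TLS handshake); the function names, the constructed wire bytes and the `INJECTED-PLAINTEXT` placeholder tail are illustrative, not a captured exploit.

```python
"""Constructed demonstration of pre-TLS byte injection against a
PostgreSQL-protocol front end (example code, not Odyssey's source).

Assumption: as in CVE-2021-23214, the attacker appends plaintext to the
client's SSLRequest; a front end that keeps those bytes in its read
buffer replays them to the backend once the TLS session is up, so they
arrive inside a session authenticated by the client's certificate CN.
"""
import struct

SSL_REQUEST_CODE = 80877103   # libpq SSLRequest code: (1234 << 16) | 5679
SSL_REQUEST_LEN = 8           # int32 length + int32 code, no payload


def build_ssl_request() -> bytes:
    """Wire form of a libpq SSLRequest (big-endian int32 length, int32 code)."""
    return struct.pack("!ii", SSL_REQUEST_LEN, SSL_REQUEST_CODE)


def is_ssl_request(buf: bytes) -> bool:
    """True if buf starts with a well-formed SSLRequest."""
    if len(buf) < SSL_REQUEST_LEN:
        return False
    length, code = struct.unpack("!ii", buf[:SSL_REQUEST_LEN])
    return length == SSL_REQUEST_LEN and code == SSL_REQUEST_CODE


def vulnerable_split(buf: bytes) -> tuple[bytes, bytes]:
    """Unsafe behaviour: return (ssl_request, leftover).

    The leftover is whatever already sat in the socket buffer after the
    SSLRequest.  A front end that keeps it and forwards it after the TLS
    handshake ships attacker plaintext to the backend as client traffic.
    """
    if not is_ssl_request(buf):
        raise ValueError("not an SSLRequest")
    return buf[:SSL_REQUEST_LEN], buf[SSL_REQUEST_LEN:]


def hardened_split(buf: bytes) -> bytes:
    """Safe behaviour (the CVE-2021-23214 remedy): the SSLRequest must be
    the only thing in the buffer when the TLS handshake starts.  Any
    trailing plaintext means a man-in-the-middle tampered with the
    connection, so it is closed rather than forwarded."""
    if not is_ssl_request(buf):
        raise ValueError("not an SSLRequest")
    if len(buf) != SSL_REQUEST_LEN:
        raise ConnectionError(
            "received unencrypted data after SSL request; closing connection")
    return buf


def rejects_trailing_bytes(buf: bytes) -> bool:
    """Helper for tests: does the hardened path drop this buffer?"""
    try:
        hardened_split(buf)
    except ConnectionError:
        return True
    return False


# Constructed sample traffic.  The tail is a labelled placeholder for
# whatever a man-in-the-middle would append in the clear; it is not a
# real query message or captured exploit.
CLEAN_SSL_REQUEST = build_ssl_request()
MITM_TAMPERED = build_ssl_request() + b"INJECTED-PLAINTEXT"


if __name__ == "__main__":
    _, leaked = vulnerable_split(MITM_TAMPERED)
    print("vulnerable path would forward to backend:", leaked)
    print("hardened path rejects tampered buffer:",
          rejects_trailing_bytes(MITM_TAMPERED))
    print("hardened path accepts clean request:",
          rejects_trailing_bytes(CLEAN_SSL_REQUEST) is False)
```

The check is deliberately placed before the TLS handshake rather than after it: once the handshake completes, the buffered plaintext is indistinguishable from data the client sent over the encrypted channel, and a CN-based `pg_hba`-style rule has already vouched for the session.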
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Odyssey Project | Odyssey | 1.1 |
Related Weaknesses (CWE)
References
- https://github.com/yandex/odyssey/issues/376
- https://www.postgresql.org/support/security/CVE-2021-23214/
FAQ
What is CVE-2021-43766?
CVE-2021-43766 is a vulnerability in the Odyssey connection pooler with a CVSS score of 8.1 (HIGH). Odyssey passes to the server unencrypted bytes from a man-in-the-middle: when Odyssey is configured to use the certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite SSL certificate verification and encryption.
How severe is CVE-2021-43766?
CVE-2021-43766 has been rated HIGH with a CVSS base score of 8.1/10. The impact is that a network attacker in a man-in-the-middle position can run arbitrary SQL as the authenticated client, even though the connection is encrypted and certificate-verified.
Is there a patch for CVE-2021-43766?
Check the references section above for the upstream issue and the related PostgreSQL advisory, which describe the fix. The affected product is Odyssey 1.1 from the Odyssey Project.