CVE-2021-23222 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
postgresql	postgresql	9.6 ≤ 𝑥 < 9.6.24
postgresql	postgresql	10.0 ≤ 𝑥 < 10.19
postgresql	postgresql	11.0 ≤ 𝑥 < 11.14
postgresql	postgresql	12.0 ≤ 𝑥 < 12.9
postgresql	postgresql	13.0 ≤ 𝑥 < 13.5
postgresql	postgresql	14.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

postgresql-13

bullseye	13.16-0+deb11u1 fixed
bullseye (security)	13.16-0+deb11u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

bionic	Fixed 10.19-0ubuntu0.18.04.1 released
focal	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

postgresql-12

bionic	dne
focal	Fixed 12.9-0ubuntu0.20.04.1 released
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

postgresql-13

bionic	dne
focal	dne
hirsute	Fixed 13.5-0ubuntu0.21.04.1 released
impish	Fixed 13.5-0ubuntu0.21.10.1 released
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

postgresql-9.1

bionic	dne
focal	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

postgresql-9.3

bionic	dne
focal	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	deferred
xenial	dne

postgresql-9.5

bionic	dne
focal	dne
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	Fixed 9.5.25-0ubuntu0.16.04.1+esm3 released

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2022675

https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228

https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45

https://security.gentoo.org/glsa/202211-04

https://www.postgresql.org/support/security/CVE-2021-23222/

https://bugzilla.redhat.com/show_bug.cgi?id=2022675

https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228

https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45

https://security.gentoo.org/glsa/202211-04

https://www.postgresql.org/support/security/CVE-2021-23222/