SSL/TLS Connection Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2017-7485

5.9 MEDIUM

What is CVE-2017-7485?

In affected versions of PostgreSQL, the PGREQUIRESSL environment variable does not enforce a secure connection, so a client that relies on it may connect without SSL/TLS protection. An active man-in-the-middle (MitM) attacker can therefore bypass SSL/TLS protection on connections to PostgreSQL servers and intercept sensitive data. Users of affected PostgreSQL versions should apply the available updates so that SSL/TLS connections are properly enforced.
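The advisory turns on which libpq setting actually governs TLS. The following added audit helper (not part of the advisory or of PostgreSQL) reproduces libpq's precedence for the real `sslmode` values (connection string, then the PGSSLMODE environment variable, then the default `prefer`) and flags a client configuration that relies on PGREQUIRESSL alone, which affected versions ignore; the sample connection strings and environments are constructed.

```python
import os
from urllib.parse import parse_qs, urlparse

# Real libpq sslmode values, ordered weakest to strongest.
SSLMODE_RANK = {"disable": 0, "allow": 1, "prefer": 2,
                "require": 3, "verify-ca": 4, "verify-full": 5}


def parse_conninfo(conninfo):
    """Return keyword=value pairs from a libpq connection string or URI."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlparse(conninfo).query)
        return {k: v[-1] for k, v in query.items()}
    params = {}
    for token in conninfo.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key] = value.strip("'")
    return params


def effective_sslmode(conninfo="", env=None):
    """libpq precedence: sslmode in the string, then PGSSLMODE, then 'prefer'."""
    env = os.environ if env is None else env
    return parse_conninfo(conninfo).get("sslmode") or env.get("PGSSLMODE") or "prefer"


def audit_tls_enforcement(conninfo="", env=None):
    """Return (effective sslmode, list of findings) for one client configuration."""
    env = os.environ if env is None else env
    mode = effective_sslmode(conninfo, env)
    findings = []
    if mode not in SSLMODE_RANK:
        return mode, [f"unknown sslmode value {mode!r}; libpq will reject it"]
    if SSLMODE_RANK[mode] < SSLMODE_RANK["require"]:
        if env.get("PGREQUIRESSL") == "1":
            # The CVE-2017-7485 condition: PGREQUIRESSL is the only TLS control.
            findings.append("only PGREQUIRESSL requires TLS; affected versions ignore it, "
                            "so the session can be established without SSL/TLS")
        else:
            findings.append(f"sslmode={mode} allows a connection without SSL/TLS")
    if SSLMODE_RANK[mode] < SSLMODE_RANK["verify-full"]:
        findings.append(f"sslmode={mode} does not by itself verify the server identity")
    return mode, findings


if __name__ == "__main__":
    # Constructed examples: the vulnerable reliance on PGREQUIRESSL, then the fixed form.
    print(audit_tls_enforcement("host=db.example dbname=app", {"PGREQUIRESSL": "1"}))
    print(audit_tls_enforcement("host=db.example sslmode=verify-full", {}))
```

Setting `sslmode=verify-full` (or PGSSLMODE=verify-full) is what makes the audit return no findings, because it is honoured by all versions and also verifies the server certificate.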

Affected Version(s)

PostgreSQL 9.3 - 9.6

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
