SQL Injection Vulnerability in Odyssey by Yandex Affecting Client Authentication
CVE-2021-43766
What is CVE-2021-43766?
Odyssey by Yandex has a security flaw in which it transmits unencrypted bytes from the client to the server during initial connection establishment. When Odyssey is configured to use the certificate Common Name for client authentication, a man-in-the-middle attacker can exploit this to inject arbitrary SQL queries, potentially leading to unauthorized access to or manipulation of database information. The issue applies even when SSL certificate verification and encryption are in use, and it poses significant risks to data integrity and confidentiality.
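
The flaw described above comes down to cleartext bytes that are already buffered when encryption starts. The following is an added example, not Odyssey's code or its patch: it assumes the PostgreSQL wire protocol's SSLRequest message (Odyssey is a PostgreSQL connection pooler) and uses hypothetical function names to contrast a handshake that keeps leftover pre-TLS bytes with one that rejects them.

```python
import struct

# PostgreSQL SSLRequest: Int32 length (8) + Int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def pre_tls_verdict(buf: bytes) -> str:
    """Classify everything read from the client socket before the TLS handshake."""
    if len(buf) < len(SSL_REQUEST):
        return "incomplete"
    if buf[:8] != SSL_REQUEST:
        return "not_sslrequest"
    # Anything after the 8-byte SSLRequest arrived in cleartext, so it cannot
    # be attributed to the peer that later presents the client certificate.
    return "reject_trailing_plaintext" if len(buf) > 8 else "ok_start_tls"


def handshake_unchecked(recv_buf: bytearray) -> bytes:
    """Flawed pattern: consume SSLRequest, keep the leftover in the read buffer.

    The returned bytes are what the protocol parser would see first once TLS
    is up, even though they never passed through TLS."""
    del recv_buf[:8]
    return bytes(recv_buf)


def handshake_checked(recv_buf: bytearray) -> bytes:
    """Hardened pattern: refuse unless the buffer is exactly one SSLRequest."""
    verdict = pre_tls_verdict(bytes(recv_buf))
    if verdict != "ok_start_tls":
        raise ConnectionError(verdict)
    del recv_buf[:8]
    return bytes(recv_buf)  # always empty here


def simple_query(sql: str) -> bytes:
    """Constructed sample: a PostgreSQL simple Query ('Q') message."""
    body = sql.encode() + b"\x00"
    return b"Q" + struct.pack("!I", 4 + len(body)) + body


if __name__ == "__main__":
    tampered = SSL_REQUEST + simple_query("SELECT 1")  # constructed input
    print("unchecked leftover:", handshake_unchecked(bytearray(tampered)))
    try:
        handshake_checked(bytearray(tampered))
    except ConnectionError as exc:
        print("checked:", exc)
    print("clean:", pre_tls_verdict(SSL_REQUEST))
```
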

Affected Version(s)
Odyssey 1.1
