Bug 2255192 (CVE-2021-3850)
Summary: | CVE-2021-3850 php-adodb: authentication bypass in PostgreSQL connections | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ahanwate |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | adodb 5.20.21, adodb 5.21.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability discovered in the PHP-ADOdb library allows an attacker to inject values into a PostgreSQL connection string by embedding a parameter within single quotes. Depending on the usage of the library in client software, this could potentially enable an attacker to circumvent the login process, potentially gaining unauthorized access to sensitive information such as the server's IP address.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2255193 | ||
Bug Blocks: |
Description
TEJ RATHI
2023-12-19 06:48:18 UTC
Created php-adodb tracking bugs for this issue: Affects: epel-all [bug 2255193] Fedora-38 and above are already using php-adodb-5.22.6-1 and later versions. Hence, setting fedora as not-affected. |