2255192 – (CVE-2021-3850) CVE-2021-3850 php-adodb: authentication bypass in PostgreSQL connections

Bug 2255192 (CVE-2021-3850) - CVE-2021-3850 php-adodb: authentication bypass in PostgreSQL connections

Summary: CVE-2021-3850 php-adodb: authentication bypass in PostgreSQL connections

Keywords:
Status:	NEW
Alias:	CVE-2021-3850
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2255193
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-19 06:48 UTC by TEJ RATHI
Modified:	2023-12-20 05:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:	adodb 5.20.21, adodb 5.21.4
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-12-19 06:48:18 UTC

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

https://huntr.com/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
https://github.com/ADOdb/ADOdb/issues/793
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29

Comment 1 TEJ RATHI 2023-12-19 06:48:43 UTC

Created php-adodb tracking bugs for this issue:

Affects: epel-all [bug 2255193]

Comment 2 TEJ RATHI 2023-12-19 06:53:29 UTC

Fedora-38 and above are already using php-adodb-5.22.6-1 and later versions. Hence, setting fedora as not-affected.

Note You need to log in before you can comment on or make changes to this bug.