Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
Vulnerability Description
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
pgJDBC 授权问题漏洞
Vulnerability Description
pgJDBC是pgJDBC开源的一个PostgreSQL驱动。 pgJDBC 42.7.4至42.7.7版本存在授权问题漏洞,该漏洞源于通道绑定配置不当,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A