CVE-2020-25694: 
PostgreSQL vulnerability analysis and mitigation

A security vulnerability (CVE-2020-25694) was discovered in PostgreSQL versions before 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24. The vulnerability occurs when a client application creates additional database connections but only reuses basic connection parameters while dropping security-relevant parameters, which could potentially lead to security issues (PostgreSQL Security, NVD Database).

The vulnerability is related to connection parameter handling in PostgreSQL client applications. When creating additional database connections, affected applications (including clusterdb, pgdump, pgrestore, psql, reindexdb, and vacuumdb) only reuse basic connection parameters like host, user, and port, while dropping security-relevant parameters such as channel_binding, sslmode, requirepeer, and gssencmode. This creates a security weakness that could be exploited. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NetApp Advisory).

The vulnerability could enable a man-in-the-middle attack or allow an attacker to observe clear-text transmissions. The highest threats from this vulnerability are to data confidentiality and integrity as well as system availability. This could potentially lead to unauthorized access to sensitive information, modification of data, or system disruption (NVD Database, NetApp Advisory).

The vulnerability has been fixed in PostgreSQL versions 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24. Users are strongly advised to upgrade to these or later versions to address the security issue. The fix ensures that security-relevant parameters are properly maintained when creating additional database connections (PostgreSQL Security, Debian Advisory).