SSH tunneling usage between an exposed websocket app and an internal database

Question

Is there any chance of a man in the middle attack in the connection between an exposed websocket server and an internal database (both hosted on the same Paas, which is capr