QID 995372

Date Published: 2023-09-25

QID 995372: Python (Pip) Security Update for pgadmin4 (GHSA-ghp8-52vx-77j4)

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

CVSS V3 rated as Critical - 8.8 severity.

CVSS V2 rated as Medium - 5.4 severity.

Solution

Refer to Github security advisory GHSA-ghp8-52vx-77j4 for updates and patch information.

Vendor References

GHSA-ghp8-52vx-77j4 - github.com/advisories/GHSA-ghp8-52vx-77j4

CVEs related to QID 995372

CVE-2023-5002 |

Software Advisories

Advisory ID	Software	Component	Link
GHSA-ghp8-52vx-77j4	pgadmin4		github.com/advisories/GHSA-ghp8-52vx-77j4

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].