CVE-2023-5002

CVSS V2 None CVSS V3 None

Description

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Overview

CVE ID
CVE-2023-5002

Assigner
fedora

Vulnerability Status
PUBLISHED

Published Version
2023-09-22T13:31:43.124Z

Last Modified Date
2024-06-04T17:28:36.879Z

Weakness Enumerations

CWE	URL
CWE-78	http://cwe.mitre.org/data/definitions/78.html

References

Reference URL	Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2239164	issue-tracking x_refsource_REDHAT
https://github.com/pgadmin-org/pgadmin4/issues/6763
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5002
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5002

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:38:16				Added to TrackCVE