CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentile: 28.0%
pgadmin4 is vulnerable to Remote Code Execution. The cause is missing validation in the pgAdmin server HTTP API endpoint validate_binary_path, which validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Because the API accepts command text in place of the filenames it is asked to check, an authenticated attacker can inject a command into the path validator and have it executed on the pgAdmin server, which amounts to running arbitrary commands on the server.
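The advisory text describes a validator that lets request-supplied text reach a command line. As an added illustration (not pgAdmin's code and not the change in the referenced commit), the block below shows the vulnerable shape next to a hardened validator: the utility names come from a fixed server-side allowlist rather than from the request, the directory must exist, and the version probe runs as an argument list with no shell. The allowlist, the name pattern and the function names are constructed for this example.

```python
import os
import re
import subprocess
from pathlib import Path

# Constructed allowlist: the only utility names the validator will ever look for.
# A request may select one of these; it never contributes a filename of its own.
EXPECTED_UTILITIES = ("pg_dump", "pg_dumpall", "pg_restore", "psql")
_SAFE_NAME = re.compile(r"^[a-z_]+$")


def validate_unsafe(binary_path, utility_name):
    """Vulnerable shape (constructed): text taken from the request is spliced into a
    shell command string, so shell metacharacters in it are interpreted, not checked."""
    cmd = f"{binary_path}/{utility_name} --version"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.returncode == 0


def is_allowed_utility(name):
    """Accept only an exact, known utility name: no separators, options or spaces."""
    return bool(_SAFE_NAME.match(name)) and name in EXPECTED_UTILITIES


def validate_binary_path(binary_path, utilities=EXPECTED_UTILITIES):
    """Hardened shape: report which allowlisted utilities exist under binary_path.

    Returns a dict {utility_name: bool}. Names not on the allowlist are skipped,
    a non-directory path yields all False, and the probe is an argv list (no shell).
    """
    base = Path(binary_path)
    found = {name: False for name in utilities}
    if not base.is_dir():
        return found
    for name in utilities:
        if not is_allowed_utility(name):
            continue
        exe = base / name
        # Only an existing, executable regular file inside the chosen directory is probed.
        if not (exe.is_file() and os.access(exe, os.X_OK)):
            continue
        try:
            proc = subprocess.run(
                [str(exe), "--version"], capture_output=True, text=True, timeout=5
            )
        except (OSError, subprocess.SubprocessError):
            continue
        found[name] = proc.returncode == 0
    return found


if __name__ == "__main__":
    # Example call against a typical PostgreSQL bin directory (assumed path).
    print(validate_binary_path("/usr/lib/postgresql/15/bin"))
```

The important design choice is that the user's input only ever selects a directory; the filenames being checked are server-side constants, and the probe passes an argument list so that no shell parses the path.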
bugzilla.redhat.com/show_bug.cgi?id=2239164
github.com/advisories/GHSA-ghp8-52vx-77j4
github.com/pgadmin-org/pgadmin4/commit/35f05e49b3632a0a674b9b36535a7fe2d93dd0c2
github.com/pgadmin-org/pgadmin4/issues/6763
lists.fedoraproject.org/archives/list/[email protected]/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/
lists.fedoraproject.org/archives/list/[email protected]/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/