Veracode Vulnerability DatabaseVERACODE:46225Remote Code Execution (RCE)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
65.8%
pgAdmin is vulnerable to Remote Code Execution (RCE). The vulnerability is due improper validation within the binary path API, which allows attackers to execute arbitrary code on the server.
References
gist.github.com/aelmokhtar/689a8be7e3bd535ec01992d8ec7b2b98
github.com/advisories/GHSA-27jx-ffw8-xrqv
github.com/pgadmin-org/pgadmin4/commit/fbbbfe22dd468bcfef1e1f833ec32289a6e56a8b
github.com/pgadmin-org/pgadmin4/issues/7326
lists.fedoraproject.org/archives/list/[email protected]/message/GIF5T34JTTYRGIN5YPT366BDFG6452A2/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
65.8%