cvelistv5 - cve-2023-5002

CVE-2023-5002 (GCVE-0-2023-5002)

Vulnerability from cvelistv5

Published

2023-09-22 13:31

Modified

2024-08-02 07:44

Severity ?

6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2239164	issue-tracking, x_refsource_REDHAT
	https://github.com/pgadmin-org/pgadmin4/issues/6763
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/

Impacted products

	Vendor	Product	Version
			Patch: 7.7 < *

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pgadmin:pgadmin:-:*:*:*:*:postgresql:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pgadmin",
            "vendor": "pgadmin",
            "versions": [
              {
                "lessThan": "7.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T16:28:49.140419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:36.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHBZ#2239164",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239164"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pgadmin-org/pgadmin4/issues/6763"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/pgadmin-org/pgadmin4",
          "packageName": "pgadmin4",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-09-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-19T13:43:46.842Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "name": "RHBZ#2239164",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239164"
        },
        {
          "url": "https://github.com/pgadmin-org/pgadmin4/issues/6763"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-21T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Pgadmin4: remote code execution by an authenticated user",
      "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2023-5002",
    "datePublished": "2023-09-22T13:31:43.124Z",
    "dateReserved": "2023-09-15T16:22:28.547Z",
    "dateUpdated": "2024-08-02T07:44:53.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2239164\", \"name\": \"RHBZ#2239164\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://github.com/pgadmin-org/pgadmin4/issues/6763\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:44:53.739Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5002\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-14T16:28:49.140419Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pgadmin:pgadmin:-:*:*:*:*:postgresql:*:*\"], \"vendor\": \"pgadmin\", \"product\": \"pgadmin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-14T16:29:55.624Z\"}}], \"cna\": {\"title\": \"Pgadmin4: remote code execution by an authenticated user\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"unaffected\", \"version\": \"7.7\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"packageName\": \"pgadmin4\", \"collectionURL\": \"https://github.com/pgadmin-org/pgadmin4\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-09-13T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2023-09-21T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2023-09-21T00:00:00+00:00\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2239164\", \"name\": \"RHBZ#2239164\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/pgadmin-org/pgadmin4/issues/6763\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2024-04-19T13:43:46.842Z\"}, \"x_redhatCweChain\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5002\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T07:44:53.739Z\", \"dateReserved\": \"2023-09-15T16:22:28.547Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2023-09-22T13:31:43.124Z\", \"assignerShortName\": \"fedora\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0779

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans PostgreSQL pgAdmin. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PostgreSQL	N/A	pgAdmin 4 versions antérieures à 7.7

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted