Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for pgadmin_4 by postgresql

    CVE-2023-0241 (GCVE-0-2023-0241)

    Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2025-02-19 16:09
    VLAI
    Summary
    pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pgadmin Affected: pgadmin 6.19
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:43.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pgadmin-org/pgadmin4/issues/5734"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN01398015/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0241",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T16:09:04.038993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T16:09:17.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pgadmin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "pgadmin 6.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user\u0027s settings or alter the database."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/pgadmin-org/pgadmin4/issues/5734"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN01398015/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-0241",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2023-01-12T00:00:00.000Z",
        "dateUpdated": "2025-02-19T16:09:17.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0959 (GCVE-0-2022-0959)

    Vulnerability from nvd – Published: 2022-03-16 14:03 – Updated: 2024-08-02 23:47
    VLAI
    Summary
    A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a pgadmin Affected: pgadmin 6.7
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pgadmin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "pgadmin 6.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-23T19:46:41.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2022-0959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "pgadmin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "pgadmin 6.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0959",
        "datePublished": "2022-03-16T14:03:38.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0241 (GCVE-0-2023-0241)

    Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-19 16:09
    VLAI
    Summary
    pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a pgadmin Affected: pgadmin 6.19
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:02:43.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/pgadmin-org/pgadmin4/issues/5734"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN01398015/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0241",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T16:09:04.038993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T16:09:17.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pgadmin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "pgadmin 6.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user\u0027s settings or alter the database."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/pgadmin-org/pgadmin4/issues/5734"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN01398015/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-0241",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2023-01-12T00:00:00.000Z",
        "dateUpdated": "2025-02-19T16:09:17.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0959 (GCVE-0-2022-0959)

    Vulnerability from cvelistv5 – Published: 2022-03-16 14:03 – Updated: 2024-08-02 23:47
    VLAI
    Summary
    A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a pgadmin Affected: pgadmin 6.7
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "pgadmin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "pgadmin 6.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-23T19:46:41.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2022-0959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "pgadmin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "pgadmin 6.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063759"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-0959",
        "datePublished": "2022-03-16T14:03:38.000Z",
        "dateReserved": "2022-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }