CVE-2023-22298
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://github.com/pgadmin-org/pgadmin4 | Product, Third Party Advisory | |
vultures@jpcert.or.jp | https://github.com/pgadmin-org/pgadmin4/issues/5343 | Patch, Third Party Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN03832974/index.html | Third Party Advisory | |
vultures@jpcert.or.jp | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/ | ||
vultures@jpcert.or.jp | https://www.pgadmin.org/ | Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
pgAdmin Project | pgAdmin 4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:05.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.pgadmin.org/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pgadmin-org/pgadmin4" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pgadmin-org/pgadmin4/issues/5343" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN03832974/index.html" }, { "name": "FEDORA-2023-0334c6000a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pgAdmin 4", "vendor": "pgAdmin Project", "versions": [ { "status": "affected", "version": "versions prior to v6.14" } ] } ], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "Open Redirect", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-02T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.pgadmin.org/" }, { "url": "https://github.com/pgadmin-org/pgadmin4" }, { "url": "https://github.com/pgadmin-org/pgadmin4/issues/5343" }, { "url": "https://jvn.jp/en/jp/JVN03832974/index.html" }, { "name": "FEDORA-2023-0334c6000a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-22298", "datePublished": "2023-01-17T00:00:00", "dateReserved": "2022-12-28T00:00:00", "dateUpdated": "2024-08-02T10:07:05.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-22298\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-01-17T10:15:11.657\",\"lastModified\":\"2023-11-07T04:06:49.490\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de redireccionamiento abierto en las versiones de pgAdmin 4 anteriores a la v6.14 permite que un atacante remoto no autenticado redirija a un usuario a un sitio web arbitrario y realice un ataque de phishing haciendo que el usuario acceda a una URL especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"6.14\",\"matchCriteriaId\":\"FF5A5374-1FBF-4FAA-B908-5073F6764CA8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/pgadmin-org/pgadmin4\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/pgadmin-org/pgadmin4/issues/5343\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN03832974/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.pgadmin.org/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.