Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open URL Redirect Vulnerability #5343

Closed
adityatoshniwal opened this issue Sep 19, 2022 · 2 comments
Closed

Open URL Redirect Vulnerability #5343

adityatoshniwal opened this issue Sep 19, 2022 · 2 comments
Assignees
@FaharAbbasRizvi
Labels
Bug EDB Sprint 126
Milestone
6.14

Comments

@adityatoshniwal
Copy link
Contributor

Currently, when pgAdmin is running in server mode and user opens the pgAdmin URL, it opens login page with redirect URL to /browser of pgAdmin using next param.
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
@akshay-joshi akshay-joshi added this to the 6.14 milestone Sep 19, 2022
@akshay-joshi akshay-joshi reopened this Sep 19, 2022
postgres-mirror pushed a commit that referenced this issue Sep 20, 2022
@adityatoshniwal @akshay-joshi
Allow script name URLs in the next URL of the login page.
4d9dfe7 
refs #5343
@FaharAbbasRizvi
Copy link
Contributor

This is fixed in the candidate build for v6.14

@bigteejay bigteejay mentioned this issue Nov 12, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FaharAbbasRizvi FaharAbbasRizvi

Labels
Bug EDB Sprint 126
Projects
None yet
Milestone
6.14
Development

No branches or pull requests
6 participants
@akshay-joshi @yogeshmahajan-1903 @adityatoshniwal @FaharAbbasRizvi and others