Remote command Execution by an Authenticated user in pgAdmin 4 #6763
adityatoshniwal added a commit to adityatoshniwal/pgadmin4 that referenced this issue, Sep 18, 2023:
…te command using validate binary path API. pgadmin-org#6763 CVE-XXXX-XXXXX - request raised, number to be received.

adityatoshniwal added a commit to adityatoshniwal/pgadmin4 that referenced this issue, Sep 18, 2023:
…te command using validate binary path API (CVE-2023-5002). pgadmin-org#6763

adityatoshniwal added a commit that referenced this issue, Sep 18, 2023:
…te command using validate binary path API (CVE-2023-5002). #6763 (#6764)

adityatoshniwal added a commit to adityatoshniwal/pgadmin4 that referenced this issue, Sep 20, 2023.

akshay-joshi pushed a commit that referenced this issue, Sep 20, 2023.

adityatoshniwal added a commit that referenced this issue, Sep 20, 2023:
… present on some systems. #6763
Tested on Ubuntu 22 with https://developer.pgadmin.org/builds/2023-09-20-2/ builds. Works fine.
Vulnerable versions: All prior to v7.6.
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from.
Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, which could allow an authenticated user to run arbitrary commands on the server. Users can supply commands as filenames and validate the path using the API. This would inject the command into the path validator and execute it on the pgAdmin server.
This issue does not affect users running pgAdmin in desktop mode.
The pgAdmin project thanks Stefan Grönke <gronke@radicallyopensecurity.com> for reporting this issue.
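A defensive sketch of how a binary-path validation API of this kind can probe a utility's version without giving a caller command execution, added here as an example and not taken from pgAdmin's own code. It assumes a POSIX host, a hypothetical allow-list of utility names, a conservative path character set, and that the utility prints "name (PostgreSQL) X.Y" for --version; the fake pg_dump it builds is constructed for the demo.

```python
import os
import re
import stat
import subprocess
import tempfile
from pathlib import Path

# Hypothetical allow-list: only these basenames may ever be executed.
ALLOWED_UTILITIES = {"pg_dump", "pg_dumpall", "pg_restore", "psql"}
# Conservative POSIX path charset: rejects ';', '|', '$', quotes, spaces
# and newlines before the value comes anywhere near a subprocess.
SAFE_PATH_RE = re.compile(r"^[A-Za-z0-9_./-]+$")
VERSION_RE = re.compile(r"\(PostgreSQL\)\s+(\d+(?:\.\d+)?)")


def check_binary_path(directory, utility):
    """Return (path, None) if the file may be run, else (None, reason)."""
    if utility not in ALLOWED_UTILITIES:
        return None, "utility not in allow-list"
    if not SAFE_PATH_RE.match(directory):
        return None, "directory contains disallowed characters"
    path = Path(directory).resolve() / utility
    if not path.is_file():
        return None, "not a regular file"
    if not os.access(path, os.X_OK):
        return None, "not executable"
    return path, None


def probe_version(directory, utility):
    """Run '<directory>/<utility> --version' and parse the version string."""
    path, reason = check_binary_path(directory, utility)
    if path is None:
        return None, reason
    # Argument list with shell=False: the path is one argv entry, never a
    # command line, so metacharacters cannot split it into extra commands.
    proc = subprocess.run([str(path), "--version"], capture_output=True,
                          text=True, timeout=5, shell=False)
    m = VERSION_RE.search(proc.stdout)
    return (m.group(1), None) if m else (None, "unrecognised --version output")


def demo():
    """Constructed fake pg_dump in a temp dir; exercises accept and reject paths."""
    tmp = tempfile.mkdtemp()
    fake = Path(tmp) / "pg_dump"
    fake.write_text("#!/bin/sh\necho 'pg_dump (PostgreSQL) 15.4'\n")
    fake.chmod(fake.stat().st_mode | stat.S_IXUSR)
    return {"good": probe_version(tmp, "pg_dump"),
            "injected": probe_version(tmp + "; id", "pg_dump"),
            "wrong_tool": probe_version(tmp, "rm")}
```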