{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4223", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:34:49.614Z", "dateReserved": "2022-11-30T00:00:00", "datePublished": "2022-12-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server."}], "affected": [{"vendor": "n/a", "product": "pgadmin4", "versions": [{"version": "pgadmin4 6.17", "status": "affected"}]}], "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/5593"}, {"name": "FEDORA-2022-2d5a6f48e1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94", "cweId": "CWE-94"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:49.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/5593", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-2d5a6f48e1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:pgadmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE369D5-2629-4B8D-9FC1-EFABF7C82345", "versionEndExcluding": "6.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server."}, {"lang": "es", "value": "El servidor pgAdmin incluye una API HTTP dise\u00f1ada para validar la ruta que un usuario selecciona a las utilidades externas de PostgreSQL, como pg_dump y pg_restore. El servidor ejecuta la utilidad para determinar de qu\u00e9 versi\u00f3n de PostgreSQL proviene. Las versiones de pgAdmin anteriores a la 6.17 no lograron proteger adecuadamente esta API, lo que podr\u00eda permitir que un usuario no autenticado la llame con una ruta de su elecci\u00f3n, como una ruta UNC a un servidor que controla en una m\u00e1quina con Windows. Esto har\u00eda que el servidor pgAdmin ejecutara un ejecutable con el nombre apropiado en la ruta de destino."}], "id": "CVE-2022-4223", "lastModified": "2024-11-21T07:34:49.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T16:15:26.277", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/5593"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/5593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Florian Hauser for reporting this issue.", "bugzilla": {"description": "pgadmin4: Unauthenticated remote code execution while validating the binary path", "id": "2151434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151434"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-94", "details": ["The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server."], "name": "CVE-2022-4223", "public_date": "2022-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4223\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4223\nhttps://github.com/pgadmin-org/pgadmin4/issues/5593"], "statement": "This issue does not affect users running pgAdmin in desktop mode.", "threat_severity": "Important", "upstream_fix": "pgadmin4 6.17"}