4 matches found
openSUSE: Security Advisory for pgadmin4 (SUSE-SU-2022:1541-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:1541-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1541-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload bsc1197143...
CVE-2022-0959
CVE-2022-0959 affects pgAdmin4: a malicious, authenticated user can craft an HTTP request using an existing CSRF token and session cookie to upload files to any location writable by the OS user running pgAdmin. The root cause is an unrestricted file upload path that permits writes outside intende...