140 matches found
Path Traversal
pgadmin4 is vulnerable to Path Traversal. The vulnerability stems from insufficient input validation: the sessions directory path is concatenated with the session ID using the os.path.join function, without setting a trusted base path, allowing an attacker to manipulate the session ID and...
[SECURITY] Fedora 39 Update: pgadmin4-7.8-3.fc39
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora 39 : pgadmin4 (2024-9818cb2406)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9818cb2406 advisory. Fix CVE-2023-26159. ---- Relax requirements. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)
flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:GHSA-672H-6X89-76M5...
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-478aa17fa2)
The remote host is missing an update for the...
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-8cc61c8b14)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: pgadmin4-6.19-2.fc37
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora 38 : pgadmin4 (2023-8cc61c8b14)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8cc61c8b14 advisory. Backport fix for CVE-2023-5002. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 37 : pgadmin4 (2023-478aa17fa2)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-478aa17fa2 advisory. Backport fix for CVE-2023-5002. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Remote Code Execution
pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API - validate_binary_path that is used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This can result in an...
CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...
SUSE-SU-2023:1877-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2023-0241: Fixed a directory traversal vulnerability (bsc#1207464)...
SUSE: Security Advisory (SUSE-SU-2023:1877-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : pgadmin4 (SUSE-SU-2023:1739-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1739-1 advisory. - Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user...
SUSE-SU-2023:1739-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2023-22298: Fixed an open redirect vulnerability (bsc#1207238)...
[SECURITY] Fedora 37 Update: pgadmin4-6.19-1.fc37
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-e7297a4aeb)
The remote host is missing an update for the...
Fedora 37 : pgadmin4 (2023-e7297a4aeb)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e7297a4aeb advisory. Update to pgadmin4-6.19. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Path Traversal
pgadmin4 is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize relative paths, allowing attackers to access other users' directories and files by providing malicious relative paths...