Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43405
HistorySep 27, 2023 - 8:51 a.m.

Remote Code Execution

2023-09-2708:51:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
pgadmin4
remote code execution
vulnerability
http api
pg_dump
pg_restore
authenticated attacker
arbitrary commands
path validator
pgadmin server

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.1%

pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API - validate_binary_path that is used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This can result in an authenticated attacker running arbitrary commands on the server by using commands as filenames used to validate path using the API. This eventually results in injecting the command in the path validator and execute the command on the pgAdmin server.

CPENameOperatorVersion
pgadmin4le7.6
pgadmin4le7.6

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.1%