PT-2023-2031 · Pgadmin 4+3

Yuji Tounai · Published 2023-01-13 · Updated 2025-04-17 · CVE-2023-0241

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

pgAdmin 4 versions prior to v6.19

Description

The issue is related to a directory traversal vulnerability in pgAdmin 4. This vulnerability can be exploited by a remote attacker to change another user's settings or alter the database. The vulnerability is associated with insufficient restrictions on the path name to a directory with limited access.

Recommendations

For pgAdmin 4 versions prior to v6.19, update to version v6.19 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and limiting user privileges to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related identifiers

BDU:2023-01743
CVE-2023-0241
GHSA-9CRJ-HPXH-F6QG
OPENSUSE-SU-2024:13667-1
SUSE-SU-2023:1877-1
SUSE-SU-2023_1877-1

Affected products

Pgadmin
Red Os
Suse
Pgadmin 4