File Upload Vulnerability in pgAdmin by Red Hat
CVE-2022-0959

6.5MEDIUM

Key Information:

Vendor: Postgresql
Status: Pgadmin
Vendor: CVE Published:; 16 March 2022

Summary

An authenticated user can exploit a vulnerability in pgAdmin, allowing them to upload files to any writable location on the operating system. This risk arises when a user leverages their existing CSRF token and session cookie, potentially leading to unauthorized access or malicious file uploads, compromising system integrity.

Affected Version(s)

pgadmin pgadmin 6.7

References

https://bugzilla.redhat.com/show_bug.cgi?id=2063759

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2022
Vulnerability Reserved
Mar 14, 2022