CVE-2022-0959

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0959
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0959.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0959
Aliases
Related
Published
2022-03-16T15:15:16Z
Modified
2024-09-03T03:59:53.509083Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

References

Affected packages

Git / github.com/pgadmin-org/pgadmin4

Affected ranges

Type
GIT
Repo
https://github.com/pgadmin-org/pgadmin4
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

REL-1_0
REL-1_0-BETA1
REL-1_0-BETA2
REL-1_0-BETA3
REL-1_0-BETA4
REL-1_0-RC1
REL-1_1
REL-1_2
REL-1_3
REL-1_4
REL-1_5
REL-1_6
REL-2_0
REL-2_0-RC1
REL-2_0-RC2
REL-2_1
REL-3_0
REL-3_1
REL-3_2
REL-3_3
REL-3_4
REL-3_5
REL-3_6
REL-4_0
REL-4_1
REL-4_10
REL-4_11
REL-4_12
REL-4_13
REL-4_14
REL-4_15
REL-4_16
REL-4_17
REL-4_18
REL-4_19
REL-4_2
REL-4_20
REL-4_21
REL-4_22
REL-4_23
REL-4_24
REL-4_25
REL-4_26
REL-4_27
REL-4_28
REL-4_29
REL-4_3
REL-4_30
REL-4_4
REL-4_5
REL-4_6
REL-4_7
REL-4_8
REL-4_9
REL-5_0
REL-5_1
REL-5_2
REL-5_3
REL-5_4
REL-5_5
REL-5_6
REL-5_7
REL-6_0
REL-6_1
REL-6_2
REL-6_3
REL-6_4
REL-6_5
REL-6_6