CVE-2023-22298

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

References

Affected packages

Git / github.com/pgadmin-org/pgadmin4

Affected ranges

Type

GIT

Repo

https://github.com/pgadmin-org/pgadmin4

Events

Introduced

6d0c4bc116fd16a3e43e498b8fc583046c230e85

Fixed

4d9dfe7d041be8730d7beda94311566d7267cb33

Database specific

{
    "versions": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "6.14"
        }
    ]
}

Affected versions

Other

REL-4_0

REL-4_1

REL-4_10

REL-4_11

REL-4_12

REL-4_13

REL-4_14

REL-4_15

REL-4_16

REL-4_17

REL-4_18

REL-4_19

REL-4_2

REL-4_20

REL-4_21

REL-4_22

REL-4_23

REL-4_24

REL-4_25

REL-4_26

REL-4_27

REL-4_28

REL-4_29

REL-4_3

REL-4_30

REL-4_4

REL-4_5

REL-4_6

REL-4_7

REL-4_8

REL-4_9

REL-5_0

REL-5_1

REL-5_2

REL-5_3

REL-5_4

REL-5_5

REL-5_6

REL-5_7

REL-6_0

REL-6_1

REL-6_10

REL-6_11

REL-6_12

REL-6_13

REL-6_2

REL-6_3

REL-6_4

REL-6_5

REL-6_6

REL-6_7

REL-6_8

REL-6_9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22298.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    }
]