Moderate severityNVD Advisory· Published Mar 16, 2022· Updated Aug 2, 2024
CVE-2022-0959
CVE-2022-0959
Description
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pgadmin4PyPI | < 6.7 | 6.7 |
Affected products
5- ghsa-coords5 versionspkg:pypi/pgadmin4pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/pgadmin4&distro=openSUSE%20Tumbleweedpkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
< 6.7+ 4 more
- (no CPE)range: < 6.7
- (no CPE)range: < 4.30-150300.3.3.1
- (no CPE)range: < 4.30-150300.3.3.1
- (no CPE)range: < 8.2-1.1
- (no CPE)range: < 4.30-150300.3.3.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-cr8c-972v-rmp3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0959ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/pgadmin-org/pgadmin4/commit/dccd4f0bbaafa783d9f0360c7592b128d5cc3928ghsaWEB
News mentions
0No linked articles in our index yet.