CVE-2023-5002 - OpenCVE

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fedoraproject	Fedora
Pgadmin	Pgadmin

Configuration 1 [-]

cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2239164	Issue Tracking Third Party Advisory
https://github.com/pgadmin-org/pgadmin4/issues/6763	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/	Mailing List

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: fedora

Published: 2023-09-22T13:31:43.124Z

Updated: 2024-06-04T17:28:36.879Z

Reserved: 2023-09-15T16:22:28.547Z

Link: CVE-2023-5002

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-22T14:15:47.213

Modified: 2023-11-07T04:23:17.827

Link: CVE-2023-5002

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5002", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2023-09-15T16:22:28.547Z", "datePublished": "2023-09-22T13:31:43.124Z", "dateUpdated": "2024-06-04T17:28:36.879Z"}, "containers": {"cna": {"title": "Pgadmin4: remote code execution by an authenticated user", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server."}], "affected": [{"versions": [{"status": "unaffected", "version": "7.7", "lessThan": "*", "versionType": "custom"}], "packageName": "pgadmin4", "collectionURL": "https://github.com/pgadmin-org/pgadmin4"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239164", "name": "RHBZ#2239164", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/pgadmin-org/pgadmin4/issues/6763"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/"}], "datePublic": "2023-09-21T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "timeline": [{"lang": "en", "time": "2023-09-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-21T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:43:46.842Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5002", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T16:28:49.140419Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pgadmin:pgadmin:-:*:*:*:*:postgresql:*:*"], "vendor": "pgadmin", "product": "pgadmin", "versions": [{"status": "affected", "version": "0", "lessThan": "7.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:36.879Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*", "matchCriteriaId": "15620E97-9BD2-4309-84E7-53EBF74D0CDE", "versionEndExcluding": "7.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en pgAdmin. Este problema ocurre cuando la API HTTP del servidor pgAdmin valida la ruta que un usuario selecciona a las utilidades externas de PostgreSQL, como pg_dump y pg_restore. Las versiones de pgAdmin anteriores a la 7.6 no pudieron controlar adecuadamente el c\u00f3digo del servidor ejecutado en esta API, lo que permiti\u00f3 a un usuario autenticado ejecutar comandos arbitrarios en el servidor."}], "id": "CVE-2023-5002", "lastModified": "2023-11-07T04:23:17.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.5, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2023-09-22T14:15:47.213", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239164"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/6763"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}