A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2063759 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2063759 | Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2063759 - Issue Tracking, Third Party Advisory |
27 Jun 2023, 16:39
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 |
Information
Published : 2022-03-16 15:15
Updated : 2024-11-21 06:39
NVD link : CVE-2022-0959
Mitre link : CVE-2022-0959
CVE.ORG link : CVE-2022-0959
JSON object : View
Products Affected
postgresql
- pgadmin_4