MEDIUM 6.1

GHSA-894c-rg7f-3c62

pgAdmin 4 Open Redirect vulnerability

Details

An open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL.

Affected packages

PyPI / pgadmin4
Introduced in: 0
Fixed in: 6.14
Fix: pip install --upgrade 'pgadmin4>=6.14'