Описание
Security update for pgadmin4
This update for pgadmin4 fixes the following issues:
- CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP3
pgadmin4-4.30-150300.3.3.1
pgadmin4-doc-4.30-150300.3.3.1
pgadmin4-web-4.30-150300.3.3.1
openSUSE Leap 15.3
pgadmin4-4.30-150300.3.3.1
pgadmin4-doc-4.30-150300.3.3.1
pgadmin4-web-4.30-150300.3.3.1
pgadmin4-web-uwsgi-4.30-150300.3.3.1
openSUSE Leap 15.4
pgadmin4-4.30-150300.3.3.1
pgadmin4-doc-4.30-150300.3.3.1
pgadmin4-web-4.30-150300.3.3.1
pgadmin4-web-uwsgi-4.30-150300.3.3.1
Ссылки
- Link for SUSE-SU-2022:1541-1
- E-Mail link for SUSE-SU-2022:1541-1
- SUSE Security Ratings
- SUSE Bug 1197143
- SUSE CVE CVE-2022-0959 page
Описание
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP3:pgadmin4-4.30-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:pgadmin4-doc-4.30-150300.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3:pgadmin4-web-4.30-150300.3.3.1
openSUSE Leap 15.3:pgadmin4-4.30-150300.3.3.1
Ссылки
- CVE-2022-0959
- SUSE Bug 1197143