Описание
Security update for pgadmin4
This update for pgadmin4 fixes the following issues:
- CVE-2023-22298: Fixed an open redirect vulnerability (bsc#1207238).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP4
pgadmin4-4.30-150300.3.6.1
pgadmin4-doc-4.30-150300.3.6.1
pgadmin4-web-4.30-150300.3.6.1
SUSE Linux Enterprise Real Time 15 SP3
pgadmin4-4.30-150300.3.6.1
pgadmin4-doc-4.30-150300.3.6.1
pgadmin4-web-4.30-150300.3.6.1
openSUSE Leap 15.4
pgadmin4-4.30-150300.3.6.1
pgadmin4-doc-4.30-150300.3.6.1
pgadmin4-web-4.30-150300.3.6.1
pgadmin4-web-uwsgi-4.30-150300.3.6.1
Ссылки
- Link for SUSE-SU-2023:1739-1
- E-Mail link for SUSE-SU-2023:1739-1
- SUSE Security Ratings
- SUSE Bug 1207238
- SUSE CVE CVE-2023-22298 page
Описание
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-4.30-150300.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-doc-4.30-150300.3.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-web-4.30-150300.3.6.1
SUSE Linux Enterprise Real Time 15 SP3:pgadmin4-4.30-150300.3.6.1
Ссылки
- CVE-2023-22298
- SUSE Bug 1207238