SUSE-SU-2024:1340-1

Published: 18 Apr 2024
Source: suse-cvrf

Description

Security update for pgadmin4

This update for pgadmin4 fixes the following issues:

  • CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user (bsc#1221172)

Package list

SUSE Enterprise Storage 7.1
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise Server 15 SP3-LTSS
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise Server 15 SP4-LTSS
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Manager Proxy 4.3
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
SUSE Manager Server 4.3
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
openSUSE Leap 15.5
  pgadmin4-4.30-150300.3.12.1
  pgadmin4-doc-4.30-150300.3.12.1
  pgadmin4-web-4.30-150300.3.12.1
  pgadmin4-web-uwsgi-4.30-150300.3.12.1

Description

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users' sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
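The description above combines two weaknesses: a client-controlled session identifier is used to build a file path without a traversal check, and the file found there is fed to a pickle deserializer, which can instantiate arbitrary objects. The following is an added example (not pgAdmin's own code, and not the fix shipped in this update) of the mitigation pattern for both: the session id is restricted to a safe character set and the resolved path is checked to stay inside the session directory, and the session payload is stored as JSON, which has no object-construction semantics. The directory, file names and session contents are constructed for the example.

```python
import json
import re
import tempfile
from pathlib import Path

# Session ids must be opaque tokens: no separators, no dots, bounded length.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def resolve_session_path(session_dir: Path, session_id: str) -> Path:
    """Map a client-supplied session id to a file inside session_dir.

    Rejects ids that fail the allow-list and, as a second layer, any resolved
    path whose parent is not the session directory itself (symlinks included,
    because both sides are resolved before comparison).
    """
    if not SESSION_ID_RE.fullmatch(session_id):
        raise ValueError("invalid session id")
    base = session_dir.resolve()
    candidate = (base / session_id).resolve()
    if candidate.parent != base:
        raise ValueError("session id escapes session directory")
    return candidate


def is_safe_session_id(session_dir: str, session_id: str) -> bool:
    """Convenience predicate over resolve_session_path for callers and tests."""
    try:
        resolve_session_path(Path(session_dir), session_id)
        return True
    except ValueError:
        return False


def save_session(session_dir: Path, session_id: str, data: dict) -> None:
    path = resolve_session_path(session_dir, session_id)
    # JSON, never pickle: the loader below cannot execute code from the file.
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(data, fh)


def load_session(session_dir: Path, session_id: str):
    """Return the session dict, or None if no such session exists.

    json.load only produces dicts, lists, strings and numbers; unlike
    pickle.load it has no way to construct arbitrary objects from the file.
    """
    path = resolve_session_path(session_dir, session_id)
    try:
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except FileNotFoundError:
        return None
    if not isinstance(data, dict):
        raise ValueError("malformed session file")
    return data


def demo() -> dict:
    """Round-trip a constructed session and show that traversal is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        sdir = Path(tmp)
        save_session(sdir, "sess-1", {"user": "alice", "roles": ["reader"]})
        results = {
            "roundtrip": load_session(sdir, "sess-1")
            == {"user": "alice", "roles": ["reader"]},
        }
        try:
            load_session(sdir, "../../etc/passwd")
            results["traversal_rejected"] = False
        except ValueError:
            results["traversal_rejected"] = True
        results["missing_is_none"] = load_session(sdir, "no-such") is None
        return results


if __name__ == "__main__":
    print(demo())
```

The allow-list regex alone would be enough to stop traversal; the containment check after `resolve()` is kept so that a later relaxation of the id format, or a symlink dropped into the session directory, still cannot redirect the loader outside it. Switching the on-disk format away from pickle is what removes the code-execution consequence even if a file somehow ends up being read.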


Affected products
SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.12.1
SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.12.1
SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.12.1

References
Vulnerability SUSE-SU-2024:1340-1