SUSE-SU-2024:2260-1

Published: 02 Jul 2024
Source: suse-cvrf

Description

Security update for pgadmin4

This update for pgadmin4 fixes the following issues:

  • CVE-2024-4216: Fixed XSS in /settings/store endpoint (bsc#1223868).
  • CVE-2024-4215: Fixed multi-factor authentication bypass (bsc#1223867).

Package list

SUSE Linux Enterprise Module for Python 3 15 SP6:
  • pgadmin4-8.5-150600.3.3.1
  • pgadmin4-doc-8.5-150600.3.3.1
  • system-user-pgadmin-8.5-150600.3.3.1

openSUSE Leap 15.6:
  • pgadmin4-8.5-150600.3.3.1
  • pgadmin4-cloud-8.5-150600.3.3.1
  • pgadmin4-desktop-8.5-150600.3.3.1
  • pgadmin4-doc-8.5-150600.3.3.1
  • pgadmin4-web-uwsgi-8.5-150600.3.3.1
  • system-user-pgadmin-8.5-150600.3.3.1

Description (CVE-2024-4215)

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within it, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status.


Affected products
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.3.1
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.3.1
SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.3.1
openSUSE Leap 15.6:pgadmin4-8.5-150600.3.3.1


Description (CVE-2024-4216)

pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute a malicious script on the client side.


Affected products
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.3.1
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.3.1
SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.3.1
openSUSE Leap 15.6:pgadmin4-8.5-150600.3.3.1
