Description
Security update for pgadmin4
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: axios: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
Package list
SUSE Linux Enterprise Module for Python 3 15 SP6
pgadmin4-8.5-150600.3.9.1
pgadmin4-doc-8.5-150600.3.9.1
system-user-pgadmin-8.5-150600.3.9.1
openSUSE Leap 15.6
pgadmin4-8.5-150600.3.9.1
pgadmin4-cloud-8.5-150600.3.9.1
pgadmin4-desktop-8.5-150600.3.9.1
pgadmin4-doc-8.5-150600.3.9.1
pgadmin4-web-uwsgi-8.5-150600.3.9.1
system-user-pgadmin-8.5-150600.3.9.1
References
- Link for SUSE-SU-2025:1227-1
- E-Mail link for SUSE-SU-2025:1227-1
- SUSE Security Ratings
- SUSE Bug 1239308
- SUSE CVE CVE-2025-27152 page
Description
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
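An added example (not code from axios, pgadmin4 or SUSE): a defensive check an application can apply to a caller-supplied path before passing it to an HTTP client that has a base URL configured, so a request cannot leave the intended origin or path. It uses only the built-in `URL` parser; `BASE_URL`, `resolveWithinBase` and the sample hosts are assumptions made for illustration.

```javascript
// Constructed base URL for illustration; not taken from pgadmin4.
const BASE_URL = 'https://api.internal.example/v1/';

// Resolve requestPath against baseURL and refuse anything that would be
// sent to a different origin or outside the base path.
function resolveWithinBase(baseURL, requestPath) {
  if (typeof requestPath !== 'string') {
    throw new TypeError('request path must be a string');
  }
  // Treat the base path as a directory so relative paths stay beneath it.
  const base = new URL(baseURL.endsWith('/') ? baseURL : baseURL + '/');

  // Step 1: let the URL parser decide where the raw input points.
  // Absolute URLs, protocol-relative "//host" and backslash variants all
  // resolve to another origin here and are rejected.
  const probe = new URL(requestPath, base);
  if (probe.origin !== base.origin) {
    throw new Error(`refusing request outside base origin: ${requestPath}`);
  }

  // Step 2: join as a relative path (leading slashes dropped), then confirm
  // dot-segments or a same-origin absolute URL did not escape the base path.
  const joined = new URL(requestPath.replace(/^[\/\\]+/, ''), base);
  if (joined.origin !== base.origin ||
      !joined.pathname.startsWith(base.pathname)) {
    throw new Error(`refusing request outside base path: ${requestPath}`);
  }
  return joined.href;
}

// Constructed sample inputs: two legitimate paths and three that must fail.
const SAMPLES = [
  'users/42',
  '/users/42',
  'https://other.example/collect',
  '//other.example/collect',
  '../admin',
];

for (const sample of SAMPLES) {
  try {
    console.log('allowed :', resolveWithinBase(BASE_URL, sample));
  } catch (err) {
    console.log('rejected:', err.message);
  }
}
```

Rejecting the input, rather than silently rewriting it, keeps the failure visible in logs where the unexpected URL can be investigated.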
Affected products
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1
SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1
SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1
openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1
References
- CVE-2025-27152
- SUSE Bug 1239305