CVE-2022-4223
high-risk
Published 2022-12-13
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
Do I need to act?
EPSS: 87.8% chance of exploitation in the next 30 days (EPSS score higher than 12% of all CVEs)
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 (High); attack vector: NETWORK; attack complexity: LOW
Affected Vendors
References (4)
Third Party Advisory
https://github.com/pgadmin-org/pgadmin4/issues/5593
Risk score: 57/100 (high-risk)
Severity: 30/34 · Critical
Exploitability: 20/34 · Moderate
Exposure: 7/34 · Low