First published: Tue Jan 17 2023(Updated: )
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Pgadmin Pgadmin | >=4.0<6.14 | |
Fedoraproject Fedora | =36 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-22298.
The severity of CVE-2023-22298 is medium with a CVSS score of 6.1.
pgAdmin 4 versions prior to v6.14 and Fedora 36 are affected by CVE-2023-22298.
The vulnerability allows a remote unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL.
Upgrade to pgAdmin 4 version 6.14 or later to fix the vulnerability.