Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
The web application accepts a user-controlled input that specifies a link to an external site and uses that link in a redirect.
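The weakness described above is the generic open-redirect pattern: a request parameter names the destination and the server redirects to it unchecked. The usual mitigation is to accept only same-site, path-only targets and fall back to a fixed page for anything else. The following is an added example written for this page, not code from the pgAdmin project; the parameter name `next`, the base URL `https://pgadmin.example/`, and the helper names are assumptions for illustration. It treats protocol-relative (`//host`), backslash (`/\host`) and extra-slash (`///host`) forms as external because browsers resolve them to another origin.

```python
from urllib.parse import urljoin, urlsplit


def is_safe_redirect_target(target: str) -> bool:
    """Return True only if `target` is a path on this application's own origin.

    Anything with a scheme or host, anything that a browser would resolve
    to another host, and anything containing control characters or whitespace
    is rejected. Hypothetical helper written for this page.
    """
    if not target:
        return False
    # Browsers treat '\' like '/' when resolving Location headers, so
    # normalise before inspecting the string.
    target = target.replace("\\", "/")
    # Control characters and whitespace have no place in a redirect target
    # and are a common ingredient of parser-confusion tricks.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Must be an absolute path on this site ("/browser/") but not a
    # protocol-relative reference ("//host", "///host" and friends).
    if not target.startswith("/") or target.startswith("//"):
        return False
    # Defence in depth: after the checks above urlsplit should never report a
    # scheme or network location; if it does, refuse.
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return True


def resolve_redirect(target: str, base_url: str, fallback: str = "/") -> str:
    """Build the URL to send in the Location header.

    `base_url` is the application's own origin (assumed value in the test);
    unsafe targets are replaced by `fallback`, which is itself resolved
    against `base_url` so the result is always same-origin.
    """
    chosen = target if is_safe_redirect_target(target) else fallback
    return urljoin(base_url, chosen)


if __name__ == "__main__":
    # Constructed sample inputs standing in for the value of a `next` parameter.
    base = "https://pgadmin.example/"
    for candidate in ["/browser/", "//evil.example/", "/\\evil.example/",
                      "///evil.example/", "https://evil.example/",
                      "javascript:alert(1)", "evil.example", ""]:
        print(f"{candidate!r:28} -> {resolve_redirect(candidate, base)}")
```

The check is deliberately an allow-list (path-only targets) rather than a block-list of known bad prefixes: every case that is not an absolute same-site path is sent to the fallback, so new encoding tricks default to the safe branch. If a deployment genuinely needs to redirect to a second host, the right extension is an explicit set of permitted hostnames compared against `urlsplit(target).hostname`, not a relaxation of this function.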
| Link | Tags |
|---|---|
| https://www.pgadmin.org/ | vendor advisory |
| https://github.com/pgadmin-org/pgadmin4 | product third party advisory |
| https://github.com/pgadmin-org/pgadmin4/issues/5343 | third party advisory patch |
| https://jvn.jp/en/jp/JVN03832974/index.html | third party advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/ | vendor advisory |