Vulnerability Description
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
CVSS Score
9.9 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgadmin | Pgadmin 4 | < 8.4 |
| Fedoraproject | Fedora | 40 |
Related Weaknesses (CWE)
References
- https://github.com/pgadmin-org/pgadmin4/issues/7258 (Issue Tracking, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected] (Mailing List)
- https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deser (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-2044?
CVE-2024-2044 is a vulnerability with a CVSS score of 9.9 (CRITICAL). pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load...
How severe is CVE-2024-2044?
CVE-2024-2044 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-2044?
Check the references section above for vendor advisories and patch information. Affected products include: Pgadmin Pgadmin 4, Fedoraproject Fedora.