跳转到帖子

SUSE: CVE-2024-2044: SUSE Linux Security Advisory

recommended_posts

发布于
  • Members

SUSE: CVE-2024-2044: SUSE Linux Security Advisory

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/07/2024
Created
04/19/2024
Added
04/19/2024
Modified
10/31/2024

Description

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.

Solution(s)

  • suse-upgrade-pgadmin4
  • suse-upgrade-pgadmin4-doc
  • suse-upgrade-pgadmin4-web
  • suse-upgrade-pgadmin4-web-uwsgi
  • suse-upgrade-system-user-pgadmin

References

  • https://attackerkb.com/topics/cve-2024-2044
  • CVE - 2024-2044
  • 查看数 705
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…