CVE-2022-4223
Published: 13 December 2022
Summary
CVE-2022-4223 is a high-severity Code Injection (CWE-94) vulnerability in pgAdmin 4. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability affects the pgAdmin server in versions prior to 6.17. An HTTP API intended only for validating paths to external PostgreSQL utilities such as pg_dump and pg_restore was insufficiently secured. The server invokes the named utility to identify its PostgreSQL version, but the API accepted arbitrary paths supplied by callers, including UNC paths pointing to attacker-controlled locations on Windows systems.
An unauthenticated remote attacker can invoke the API with a malicious path containing an appropriately named executable. Successful exploitation results in the pgAdmin server executing attacker-supplied code, yielding remote code execution with the privileges of the pgAdmin process. The issue is tracked under CWE-94 and CWE-862 and carries a CVSS 3.1 base score of 8.8.
Public references, including the pgAdmin GitHub issue tracker and Fedora package-announce lists, document the flaw and point to the availability of patched builds beginning with version 6.17. The current EPSS score of 0.8701 (peak 0.8898) indicates sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-7489
Vulnerability details
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.
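As an added illustration (not pgAdmin's own code), the kind of server-side check that closes the gap described above: a caller-supplied utility path is accepted only if it is absolute, carries no UNC or URL prefix and no traversal, sits inside an allow-listed PostgreSQL bin directory, and names a known utility, and only then is it executed with `--version` as an argv list. The allow-list values are constructed, a POSIX host is assumed, and the login check the endpoint must also sit behind (the CWE-862 half of the issue) is assumed to live in the HTTP layer and is not shown.

```python
import os
import subprocess

# Constructed allow-lists: the known PostgreSQL client utilities and the only
# directories from which the server may ever run them.
ALLOWED_UTILITIES = {"pg_dump", "pg_dumpall", "pg_restore", "psql"}
ALLOWED_BIN_DIRS = ("/usr/lib/postgresql", "/usr/pgsql")


class PathRejected(ValueError):
    """Raised when a caller-supplied utility path fails validation."""


def validate_utility_path(user_path: str, allowed_dirs=ALLOWED_BIN_DIRS) -> str:
    """Return a normalised path that is safe to execute, or raise PathRejected."""
    # UNC (\\host\share) and URL-style prefixes can point at a location the
    # caller controls, which is exactly what CVE-2022-4223 allowed; refuse them.
    if user_path.startswith(("\\\\", "//")) or "://" in user_path or "\x00" in user_path:
        raise PathRejected("remote, UNC or malformed paths are not allowed")
    norm = os.path.normpath(user_path)          # collapses "a/../b" lexically
    if not os.path.isabs(norm) or ".." in norm.split(os.sep):
        raise PathRejected("path must be absolute and contain no '..'")
    # Symlinks are not resolved here; in production call os.path.realpath()
    # on an existing path and re-run the directory check on the result.
    if not any(norm.startswith(d + os.sep) for d in allowed_dirs):
        raise PathRejected("path is outside the permitted PostgreSQL bin directories")
    name = os.path.basename(norm)
    if name.lower().endswith(".exe"):           # tolerate Windows-style names
        name = name[:-4]
    if name not in ALLOWED_UTILITIES:
        raise PathRejected(f"{name!r} is not a permitted utility")
    return norm


def path_is_accepted(user_path: str) -> bool:
    try:
        validate_utility_path(user_path)
        return True
    except PathRejected:
        return False


def _run_version(argv):
    # argv list, shell=False: the path is never interpreted by a shell.
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=10, check=False).stdout.strip()


def probe_version(user_path: str, run=_run_version) -> str:
    """Validate first, then ask the utility for its version string.
    The caller must already be authenticated; that check belongs in the HTTP layer."""
    return run([validate_utility_path(user_path), "--version"])
```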
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requiring an access control policy ensures authorization checks are defined and applied for critical functions.
- Reviews of access controls detect missing authorization checks on critical functions or resources.
- Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.
- Requiring attribute association with information prevents authorization from being performed without the necessary security or privacy context.
- Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.
- Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.
- Requiring authorization before allowing mobile device connections directly mitigates missing authorization for system access.
- Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.