CVE-2023-5002
Published: 22 September 2023
Summary
CVE-2023-5002 is a medium-severity OS Command Injection (CWE-78) vulnerability in Fedoraproject Fedora. Its CVSS base score is 6.0 (Medium).
Operationally, it ranks in the top 3.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-5002 is a command injection vulnerability in pgAdmin that affects all versions prior to 7.6. The flaw lies in the server HTTP API responsible for validating user-supplied paths to external PostgreSQL utilities such as pg_dump and pg_restore; insufficient control of the executed server code permits arbitrary operating-system commands to be run. The issue is tracked under CWE-78 and carries a CVSS 3.1 score of 6.0.
An authenticated attacker with network access can supply a malicious path through the affected API endpoint. Successful exploitation grants the ability to execute arbitrary commands on the pgAdmin server host, resulting in high impact to integrity and availability and limited impact to confidentiality under the given attack-complexity and privilege constraints.
Public advisories published by Red Hat and Fedora reference the upstream pgAdmin issue tracker and confirm that the vulnerability is resolved by upgrading to version 7.6 or later. The current EPSS score of 0.2376, which reached a peak of 0.2721, indicates moderate and relatively stable exploitation interest since disclosure.
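The weakness described above is a path-validation gap in front of a process launch, which is the classic CWE-78 shape: user input chooses what binary runs, and the check on that input is weaker than the trust later placed in it. The following is an added, illustrative example (not pgAdmin's own code, and not the upstream 7.6 fix) of how a server-side API can accept a user-selected path to pg_dump or pg_restore safely: canonicalise the path, require its basename to be one of a fixed set of utilities, require its parent to be an allowlisted binary directory, require a regular executable file, and then launch it with an argument vector and no shell. The allowlisted utility names, the temporary directory layout and the fake `pg_dump` script are constructed fixtures for the demo.

```python
"""Added example (not pgAdmin code): validate a user-supplied path to an
external PostgreSQL utility before executing it. Directory names, the
utility allowlist and the fake binaries are constructed for the demo."""
import stat
import subprocess
import tempfile
from pathlib import Path

# Utilities the API may resolve; anything else is rejected outright.
ALLOWED_UTILITIES = frozenset({"pg_dump", "pg_dumpall", "pg_restore", "psql"})


class UtilityPathError(ValueError):
    """A user-supplied utility path failed validation."""


def validate_utility_path(user_path: str, utility: str, allowed_dirs) -> str:
    """Return the canonical path of `utility` if `user_path` points at it inside
    one of `allowed_dirs`; raise UtilityPathError otherwise.

    All checks run on the *resolved* path, so '..' segments and symlinks
    cannot redirect execution outside the allowlisted directories.
    """
    if utility not in ALLOWED_UTILITIES:
        raise UtilityPathError(f"unsupported utility {utility!r}")
    if "\x00" in user_path or "\n" in user_path or "\r" in user_path:
        raise UtilityPathError("control characters in path")
    candidate = Path(user_path)
    if not candidate.is_absolute():
        raise UtilityPathError("path must be absolute")
    try:
        # Follows symlinks and collapses '..'; fails if the target is missing.
        resolved = candidate.resolve(strict=True)
    except (OSError, RuntimeError) as exc:
        raise UtilityPathError(f"path does not exist: {user_path!r}") from exc
    # Basename must be exactly the expected binary: no 'pg_dump; id', no wrappers.
    if resolved.name != utility:
        raise UtilityPathError(f"{resolved.name!r} is not {utility!r}")
    allowed = {Path(d).resolve() for d in allowed_dirs}
    if resolved.parent not in allowed:
        raise UtilityPathError(f"{resolved.parent} is not an allowlisted bin dir")
    st = resolved.stat()
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & exec_bits:
        raise UtilityPathError("not a regular executable file")
    return str(resolved)


def is_valid_utility_path(user_path: str, utility: str, allowed_dirs) -> bool:
    """Boolean form of validate_utility_path for callers that only need a verdict."""
    try:
        validate_utility_path(user_path, utility, allowed_dirs)
        return True
    except UtilityPathError:
        return False


def run_utility(validated_path: str, args: list) -> subprocess.CompletedProcess:
    """Execute with an argument vector and no shell, so user data in `args`
    reaches the utility as opaque arguments rather than being parsed by /bin/sh."""
    return subprocess.run([validated_path, *args], shell=False,
                          capture_output=True, text=True, check=False)


def make_demo_layout() -> tuple:
    """Constructed fixture: a trusted bin dir with a fake pg_dump, a rogue dir
    with an attacker-controlled pg_dump, and bin_dir/pg_restore symlinked to the
    rogue binary (the symlink case the allowlist must catch)."""
    bin_dir = tempfile.mkdtemp(prefix="pgbin-")
    rogue_dir = tempfile.mkdtemp(prefix="rogue-")
    for d in (bin_dir, rogue_dir):
        script = Path(d) / "pg_dump"
        script.write_text('#!/bin/sh\necho "fake pg_dump from $0: $*"\n')
        script.chmod(0o755)
    (Path(bin_dir) / "pg_restore").symlink_to(Path(rogue_dir) / "pg_dump")
    return bin_dir, rogue_dir


if __name__ == "__main__":
    bin_dir, rogue_dir = make_demo_layout()
    good = validate_utility_path(f"{bin_dir}/pg_dump", "pg_dump", [bin_dir])
    print("accepted:", good)
    print("metacharacters:", is_valid_utility_path(f"{bin_dir}/pg_dump; id", "pg_dump", [bin_dir]))
    print("outside allowlist:", is_valid_utility_path(f"{rogue_dir}/pg_dump", "pg_dump", [bin_dir]))
    print("symlink escape:", is_valid_utility_path(f"{bin_dir}/pg_restore", "pg_restore", [bin_dir]))
    # The user-controlled database name is passed as one argv element, never to a shell.
    print(run_utility(good, ["--schema-only", "mydb; id"]).stdout.strip())
```

The order of checks matters: the basename and parent-directory tests are applied to the canonical path, so a symlink planted inside an allowlisted directory, or a `..` traversal into one, is judged by where it actually lands. Launching with `shell=False` removes the interpreter that would otherwise turn a crafted argument into a second command; the path allowlist removes the ability to swap the binary itself.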
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-2508
Vulnerability details
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.