Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-22298
- https://github.com/pgadmin-org/pgadmin4/issues/5343
- https://jvn.jp/en/jp/JVN03832974/index.html
- https://www.pgadmin.org/
- https://github.com/pgadmin-org/pgadmin4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/
- https://github.com/advisories/GHSA-894c-rg7f-3c62