PostgreSQL Security Flaws Let Attackers Execute Code


Two vulnerabilities have been identified in pgAdmin of PostgreSQL, which are associated with cross-site scripting and multi-factor authentication bypass.

pgAdmin is an open-source administration tool and development platform for PostgreSQL, which offers multiple features like CI/CD, Server Mode, Workspace customization, and much more.

pgAdmin supports multiple platforms, such as Linux, Unix, macOS, and Windows. However, these vulnerabilities have been assigned CVE-2024-4216 and CVE-2024-4215, with severity 7.4 (High).

Both of these vulnerabilities have been fixed in PostgreSQL.

PostgreSQL Security Flaws

CVE-2024-4216 : Cross-Site Scripting Vulnerability

This vulnerability exists in pgAdmin versions prior to 8.5 specifically inside the /settings/store API response json payload.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:


Exploiting this vulnerability could allow a threat actor to execute malicious script on the client end and steal sensitive cookies. 

In order to exploit this vulnerability, researchers used the man-in-the-middle proxy (mitmproxy) and intercepted the POST request to /settings/store which is called for certain purposes like resizing the left menu bar. 

The POST request body is modified with “… ”children”: [{”id”:”+3′-alert(‘XSS’)-‘”, …” and sent to the server.

The server then responds with this malicious XSS payload which gets executed as a pop-up in the client browser.

XSS executed (Source: GitHub)

CVE-2024-4215 : Multi-Factor Authentication Bypass

This vulnerability affects pgAdmin versions prior to 8.5, which could allow a threat actor to bypass multi-factor authentication on affected versions.

In order to exploit this vulnerability, a threat actor must have a legitimate username and password to authenticate into the application. 

Once authenticated into the application, the threat actor can perform additional actions like managing files and executing SQL queries regardless of the MFA enrollment status. 

The maintainers have fixed both of these vulnerabilities, and necessary patches have been rolled out.

Users of pgAdmin for PostgreSQL are recommended to upgrade to pgAdmin v4 8.6 to prevent the exploitation of these vulnerabilities by threat actors.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide



Source link