CVE-2022-24844 – SQL Injection in github.com/flipped-aurora/gin-vue-admin
https://notcve.org/view.php?id=CVE-2022-24844
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login) and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds. • https://github.com/flipped-aurora/gin-vue-admin/pull/1024 https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-0959
https://notcve.org/view.php?id=CVE-2022-0959
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. Un usuario malintencionado, pero autorizado y autentificado, puede construir una petición HTTP utilizando su token CSRF existente y la cookie de sesión para subir manualmente archivos a cualquier ubicación en la que la cuenta de usuario del sistema operativo bajo la que se ejecuta pgAdmin tenga permiso para escribir • https://bugzilla.redhat.com/show_bug.cgi?id=2063759 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-26520 – postgresql-jdbc: Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-26520
In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties ** EN DISPUTA ** En pgjdbc versiones anteriores a 42.3.3, un atacante (que controla la URL o las propiedades de jdbc) puede llamar a java.util.logging.FileHandler para escribir en archivos arbitrarios mediante las propiedades de conexión loggerFile y loggerLevel. Una situación de ejemplo es que un atacante podría crear un archivo JSP ejecutable bajo una root web de Tomcat. NOTA: la posición del proveedor es que no se presenta una vulnerabilidad de pgjdbc; en cambio, es una vulnerabilidad para cualquier aplicación que use el controlador pgjdbc con propiedades de conexión no confiables A flaw was found in Postgres JDBC. • https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3 https://jdbc.postgresql.org/documentation/head/tomcat.html https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com/security/cve/CVE-2022-26520 https://bugzilla.redhat.com/show_bug.cgi?id=2064007 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-21724 – Unchecked Class Instantiation when providing Plugin Classes
https://notcve.org/view.php?id=CVE-2022-21724
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. • https://github.com/ToontjeM/CVE-2022-21724 https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS https://security.netapp.com/advisory/ntap-20220311-0005 https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com • CWE-665: Improper Initialization •
CVE-2021-23222 – postgresql: libpq processes unencrypted bytes from man-in-the-middle
https://notcve.org/view.php?id=CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Un atacante de tipo man-in-the-middle puede inyectar respuestas falsas a las primeras consultas del cliente, a pesar de haber usado la verificación y el cifrado de certificados SSL • https://bugzilla.redhat.com/show_bug.cgi?id=2022675 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=d83cdfdca9d918bbbd6bb209139b94c954da7228 https://github.com/postgres/postgres/commit/160c0258802d10b0600d7671b1bbea55d8e17d45 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/support/security/CVE-2021-23222 https://access.redhat.com/security/cve/CVE-2021-23222 • CWE-522: Insufficiently Protected Credentials •