6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22298

GHSA ID

GHSA-894c-rg7f-3c62

EPSS Score

0.63759%

CWE

CWE-601

Published

1/17/2023

Updated

3/17/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-22298

CVE-2023-22298: pgAdmin 4 Open Redirect vulnerability

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22298

GHSA ID

GHSA-894c-rg7f-3c62

EPSS Score

0.63759%

CWE

CWE-601

Published

1/17/2023

Updated

3/17/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pgadmin4	pip	< 6.14	6.14

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper validation of redirect URLs in the authentication flow. The GitHub issue (#5343) explicitly mentions the 'next' parameter being used for redirects to /browser after login. In Flask-based applications like pgAdmin, the common pattern for login redirects uses request.args.get('next') without proper validation. The login handler function would be responsible for processing this parameter and redirecting users, making it the likely vulnerable component. The CWE-601 classification and vulnerability description both align with unvalidated redirects in authentication flows.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*n r**ir**t vuln*r**ility in p***min * v*rsions prior to v*.** *llows * r*mot* un*ut**nti**t** *tt**k*r to r**ir**t * us*r to *n *r*itr*ry w** sit* *n* *on*u*t * p*is*in* *tt**k *y **vin* * us*r to ****ss * sp**i*lly *r**t** URL.

Reasoning

T** vuln*r**ility st*ms *rom improp*r v*li**tion o* r**ir**t URLs in t** *ut**nti**tion *low. T** *it*u* issu* (#****) *xpli*itly m*ntions t** 'n*xt' p*r*m*t*r **in* us** *or r**ir**ts to /*rows*r **t*r lo*in. In *l*sk-**s** *ppli**tions lik* `p***mi

6.1

Basic Information

Concerned about an active attack path?

CVE-2023-22298: pgAdmin 4 Open Redirect vulnerability

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI