
CVE-2024-2044: pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

CVSS Score: 10 (CVSS 3.1)

Basic Information

EPSS Score: 0.98943%
Published: 3/7/2024
Updated: 8/2/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name: pgAdmin4
Ecosystem: pip
Vulnerable Versions: < 8.4
First Patched Version: 8.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from three key issues:

  1. Path traversal via os.path.join() in session file operations (CWE-22)
  2. Unsafe pickle deserialization (CWE-502)
  3. Lack of path sanitization (CWE-31)

The commit diff shows replacement of os.path.join() with safe_join() and added security checks. The original functions in FileBackedSessionManager directly used user-controlled session IDs in path construction without validation, allowing attackers to:

  • On Windows: Reference remote SMB paths for unauthenticated RCE
  • On Linux: Traverse to uploaded pickle files for authenticated RCE

These functions were directly involved in the insecure path handling and deserialization chain.
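As an added illustration (not pgAdmin's own code and not the fix commit), the unchecked os.path.join pattern described above beside a safe_join-style containment check that refuses the path before any file is opened or unpickled. The session directory, the session id character class and the sample ids are assumptions made for the example.

```python
import os
import re
from typing import Optional, Tuple

# Assumed session directory; the real location is configured per pgAdmin install.
SESSION_DIR = "/var/lib/pgadmin/sessions"

# Assumed id format: ids are opaque random tokens, so one conservative
# character class is enough to reject every separator and '..' component.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{8,128}")


def unsafe_session_path(session_dir: str, session_id: str) -> str:
    """Vulnerable pattern: the user-controlled id is joined without checks.
    '..' components walk out of session_dir, and an absolute component makes
    os.path.join discard session_dir entirely (a UNC-style path on Windows
    would point the open() at a remote share the same way)."""
    return os.path.normpath(os.path.join(session_dir, session_id))


def safe_session_path(session_dir: str, session_id: str) -> Optional[str]:
    """Hardened pattern (same intent as werkzeug's safe_join, written out here):
    accept only a single plain path component, then confirm the resolved path
    is still inside session_dir. None means 'rejected', so the caller never
    reaches the deserialization step for a path outside the directory."""
    if not SESSION_ID_RE.fullmatch(session_id):
        return None
    base = os.path.realpath(session_dir)
    candidate = os.path.realpath(os.path.join(base, session_id))
    # Defense in depth: even a well-formed id must not resolve outside base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_contained(session_dir: str, path: str) -> bool:
    """True when path lies under session_dir; used to judge both variants."""
    base = os.path.normpath(session_dir)
    return os.path.commonpath([base, os.path.normpath(path)]) == base


def compare(session_id: str) -> Tuple[bool, bool]:
    """(vulnerable join stayed inside the directory?, hardened join accepted?)"""
    vulnerable = is_contained(SESSION_DIR, unsafe_session_path(SESSION_DIR, session_id))
    hardened = safe_session_path(SESSION_DIR, session_id) is not None
    return vulnerable, hardened


if __name__ == "__main__":
    # Constructed sample ids: one legitimate token and three traversal attempts.
    for sid in ["f3a9c1e2b7d4", "../../../../tmp/evil.pkl", "/tmp/evil.pkl", "//share/evil.pkl"]:
        print(f"{sid!r:30} vulnerable_contained={compare(sid)[0]} hardened_accepts={compare(sid)[1]}")
```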
