{"affected":[{"ecosystem_specific":{"binaries":[{"pgadmin4":"4.30-150300.3.18.1","pgadmin4-doc":"4.30-150300.3.18.1","pgadmin4-web":"4.30-150300.3.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Python 3 15 SP6","name":"pgadmin4","purl":"pkg:rpm/suse/pgadmin4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.30-150300.3.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n","id":"SUSE-SU-2025:01326-1","modified":"2025-08-14T13:03:13Z","published":"2025-08-14T13:03:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202501326-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224295"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234840"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239308"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1907"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4068"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27152"}],"related":["CVE-2023-1907","CVE-2024-4068","CVE-2025-27152"],"summary":"Security update for pgadmin4","upstream":["CVE-2023-1907","CVE-2024-4068","CVE-2025-27152"]}