CVE-2023-5002 Assigned to Wrong Vendor/Product

cisagov / vulnrichment

A repo to conduct vulnerability enrichment.

Creative Commons Zero v1.0 Universal

406 stars 29 forks source link

CVE-2023-5002 Assigned to Wrong Vendor/Product #19

Closed j-baines closed 1 month ago

j-baines commented 1 month ago

CVE-2023-5002 is a vulnerability affecting pgAdmin. Currently, CISA ADP indicates the vulnerability is associated with the Linux kernel.

Additionally, according to Red Hat's bugzilla and the pgAdmin issue, this was fixed in 7.7 and all previous versions are affected.

I'd also point out that "version": "7.6*" doesn't make a whole lot of sense in the first place.

jwoytek-cisa commented 1 month ago

@j-baines Thank you for the report! We are looking into this upstream and will republish this entry after it is updated. I am going to merge this PR, but be aware that upstream edits will overwrite those changes.