Multi-Factor Authentication Bypass Vulnerability Affects pgAdmin
CVE-2024-4215

7.4 HIGH

Key Information:

Status
Vendor
CVE Published: 2 May 2024

What is CVE-2024-4215?

A serious vulnerability in pgAdmin versions up to 8.5 allows an attacker to bypass multi-factor authentication (MFA). An attacker who holds a valid username and password for an account can gain unauthorized access to the application without satisfying the MFA requirement. Once authenticated, the attacker can perform sensitive operations, including managing files and running SQL queries. This creates a significant risk to data integrity and user privacy within the application.

Affected Version(s)

pgAdmin 4 0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
