Unauthorized Access to Installation Directory in pgAdmin 8.8
CVE-2024-6238

7.4HIGH

Key Information:

Vendor: Pgadmin.org
Status: Pgadmin 4
Vendor: CVE Published:; 25 June 2024

🔔 Create Pgadmin.org Vulnerability Alert

What is CVE-2024-6238?

pgAdmin versions up to 8.8 are susceptible to a vulnerability that allows attackers to exploit installation directory permissions. This issue enables unauthorized access to the installation directory, particularly on Debian and RHEL 8 operating systems. Users of affected versions should exercise caution, as this vulnerability may lead to significant security risks and potential data breaches.

Affected Version(s)

pgAdmin 4 0

References

https://github.com/pgadmin-org/pgadmin4/issues/7605

issue-tracking

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 21, 2024