OAuth2 Authentication Vulnerability in pgAdmin Affecting User Data Access
CVE-2024-9014

Currently unrated

Key Information:

Vendor

pgAdmin

Vendor
CVE Published:
23 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

What is CVE-2024-9014?

A vulnerability exists in pgAdmin's OAuth2 authentication mechanism that endangers user data by exposing the client ID and secret. This flaw permits potential attackers to exploit authentication weaknesses, potentially leading to unauthorized access to sensitive information. Users of pgAdmin versions 8.11 and earlier are particularly at risk, making it essential for organizations to assess their security posture and apply necessary patches to mitigate the threat.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.