OAuth2 Authentication Vulnerability in pgAdmin Affecting User Data Access
CVE-2024-9014

Currently unrated

Key Information:

Vendor: pgAdmin
Vendor: CVE Published:; 23 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

What is CVE-2024-9014?

A vulnerability exists in pgAdmin's OAuth2 authentication mechanism that endangers user data by exposing the client ID and secret. This flaw permits potential attackers to exploit authentication weaknesses, potentially leading to unauthorized access to sensitive information. Users of pgAdmin versions 8.11 and earlier are particularly at risk, making it essential for organizations to assess their security posture and apply necessary patches to mitigate the threat.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9014
Created by EQSTLab

References

https://github.com/pgadmin-org/pgadmin4/issues/7945

EPSS Score

92% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 26, 2024
👾
Exploit known to exist
Sep 26, 2024
Vulnerability published
Sep 23, 2024