Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
pgAdmin is affected by a multi-factor authentication bypass vulnerability
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
Permalink: https://github.com/advisories/GHSA-2mvc-557g-5638JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 10 days ago
CVSS Score: 7.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Identifiers: GHSA-2mvc-557g-5638, CVE-2024-4215
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-4215
- https://github.com/pgadmin-org/pgadmin4/issues/7425
- https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976
- https://lists.fedoraproject.org/archives/list/[email protected]/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE
- https://github.com/advisories/GHSA-2mvc-557g-5638
Blast Radius: 12.6
Affected Packages
pypi:pgadmin4
Dependent packages: 1Dependent repositories: 51
Downloads: 10,374 last month
Affected Version Ranges: <= 8.5
Fixed in: 8.6
All affected versions:
All unaffected versions: