GSA_kwCzR0hTQS1qbTl4LXJ4OXgtd3Bxas4AA_ue

Severity: High
EPSS: 0.92424% (0.9972 Percentile)

OAuth2 client ID and secret exposed through the web browser

Affected Packages    Affected Versions    Fixed Versions
pypi:pgadmin4        < 8.12               8.12
1 Dependent packages
51 Dependent repositories
13,687 Downloads last month

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

References: