CVE-2024-4215

May 2, 2024, 6:15 p.m.

7.4
High

Description

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

Product(s) Impacted

Product Versions
pgAdmin
  • <= 8.5

Weaknesses

References

https://github.com/pgadmin-org/pgadmin4/issues/7425

Tags

2024-05-02
CVE-2024-4215
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

CVSS Score

7.4 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Date

  • Published: May 2, 2024, 6:15 p.m.
  • Last Modified: May 2, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.