Products
pgAdmin
- 8.11 and earlier
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CVE-2024-9014 details
Published : Sept. 23, 2024, 5:15 p.m.
Last Modified : Sept. 23, 2024, 8:35 p.m.
Description
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
CVSS Score
9.9
Weakness
Weakness | Name | Description |
---|---|---|
CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Base Score | 9.9 |
Exploitability Score | 3.1 |
Impact Score | 6.0 |
Base Severity | CRITICAL |
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://github.com/pgadmin-org/pgadmin4/issues/7945 | f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 |