GHSA-2mvc-557g-5638
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2mvc-557g-5638
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2mvc-557g-5638/GHSA-2mvc-557g-5638.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-2mvc-557g-5638
- Aliases
-
- CVE-2024-4215
- Published
- 2024-05-02T18:30:55Z
- Modified
- 2025-02-13T19:15:34.833649Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L CVSS Calculator
- Summary
- pgAdmin is affected by a multi-factor authentication bypass vulnerability
- Details
-
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
- Database specific
{ "nvd_published_at": "2024-05-02T18:15:07Z", "cwe_ids": [ "CWE-89" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-03T20:18:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-4215
- https://github.com/pgadmin-org/pgadmin4/issues/7425
- https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976
- https://github.com/pgadmin-org/pgadmin4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE
Affected packages
PyPI / pgadmin4
Package
- Name
- pgadmin4
- View open source insights on deps.dev
- Purl
- pkg:pypi/pgadmin4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.6