CVE-2024-4215
Last modified
CVE-2024-4215 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.. EPSS estimates a 0.63% chance of exploitation in the next 30 days.
Description
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pgadmin | Pgadmin 4 | < 8.6 |
| Fedoraproject | Fedora | 40 |
References
- https://github.com/pgadmin-org/pgadmin4/issues/7425Issue Tracking
- https://github.com/pgadmin-org/pgadmin4/issues/7425Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-4215?
How severe is CVE-2024-4215?
How do I fix CVE-2024-4215?
Are you affected by CVE-2024-4215?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST