Vulnerability Description
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgadmin | Pgadmin 4 | < 8.6 |
| Fedoraproject | Fedora | 40 |
Related Weaknesses (CWE)
References
- https://github.com/pgadmin-org/pgadmin4/issues/7425 (Issue Tracking)
- https://lists.fedoraproject.org/archives/list/[email protected] (Mailing List)
FAQ
What is CVE-2024-4215?
CVE-2024-4215 is a vulnerability with a CVSS score of 7.4 (HIGH). pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate ...
How severe is CVE-2024-4215?
CVE-2024-4215 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-4215?
Check the references section above for vendor advisories and patch information. Affected products include: Pgadmin Pgadmin 4, Fedoraproject Fedora.