2314259 – (CVE-2024-9014) CVE-2024-9014 pgadmin4: OAuth2 issue in pgAdmin 4

Bug 2314259 (CVE-2024-9014) - CVE-2024-9014 pgadmin4: OAuth2 issue in pgAdmin 4

Summary: CVE-2024-9014 pgadmin4: OAuth2 issue in pgAdmin 4

Keywords:
Status:	NEW
Alias:	CVE-2024-9014
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2314267
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-23 17:20 UTC by OSIDB Bzimport
Modified:	2024-09-23 18:20 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-23 17:20:36 UTC

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

Note You need to log in before you can comment on or make changes to this bug.