Bug 2278850 (CVE-2024-4215) - CVE-2024-4215 pgadmin4: multi-factor authentication bypass
Summary: CVE-2024-4215 pgadmin4: multi-factor authentication bypass
Keywords:
Status: NEW
Alias: CVE-2024-4215
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2278854 2278852 2278856
Blocks:
Reported: 2024-05-03 11:13 UTC by TEJ RATHI
Modified: 2024-05-03 11:18 UTC

Fixed In Version: pgadmin4 rel-8_6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description TEJ RATHI 2024-05-03 11:13:47 UTC
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

https://github.com/pgadmin-org/pgadmin4/issues/7425
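
The following is an added illustration of the vulnerability class named in the description, not code from pgAdmin or from the upstream issue. It contrasts a request gate that treats "password accepted" as fully authenticated with one that additionally requires the second factor to have been completed in the current session for every enrolled account. The user store, session dictionary, endpoint name and TOTP secrets are constructed for the example; the TOTP routine is standard RFC 6238 over HMAC-SHA1 using only the Python standard library.

```python
"""Constructed example: MFA gate that only checks "logged in" vs. one that
checks "MFA completed" for enrolled accounts. Not pgAdmin's code."""
import hashlib
import hmac
import struct
import time
from typing import Callable, Dict, Optional

# Constructed user store: alice has MFA enrolled, bob does not.
USERS: Dict[str, dict] = {
    "alice": {"password": "correct horse", "totp_secret": b"0123456789abcdef0123"},
    "bob": {"password": "battery staple", "totp_secret": None},
}


def totp(secret: bytes, for_time: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation), as used by common authenticator apps."""
    counter = int((time.time() if for_time is None else for_time) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def login(session: dict, username: str, password: str) -> bool:
    """First factor only: marks the session authenticated but NOT MFA-verified."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return False
    session.clear()
    session["user"] = username
    session["authenticated"] = True
    session["mfa_verified"] = False
    return True


def verify_totp(session: dict, code: str, now: Optional[int] = None) -> bool:
    """Second factor: sets mfa_verified only after a valid code for an enrolled user."""
    user = USERS.get(session.get("user", ""))
    if not session.get("authenticated") or user is None or user["totp_secret"] is None:
        return False
    if hmac.compare_digest(totp(user["totp_secret"], now), code):
        session["mfa_verified"] = True
        return True
    return False


def gate_vulnerable(session: dict) -> bool:
    """Weak gate: "password accepted" is treated as fully authenticated, so a
    stolen password reaches sensitive endpoints regardless of MFA enrollment."""
    return bool(session.get("authenticated"))


def gate_hardened(session: dict) -> bool:
    """Correct gate: an enrolled account must have completed MFA in this session.
    Unenrolled accounts pass on the first factor (enrollment policy is separate)."""
    if not session.get("authenticated"):
        return False
    user = USERS.get(session.get("user", ""))
    if user is None:
        return False
    if user["totp_secret"] is None:
        return True
    return bool(session.get("mfa_verified"))


def run_sql(session: dict, gate: Callable[[dict], bool], query: str) -> str:
    """Stand-in for a sensitive endpoint such as a SQL query tool."""
    if not gate(session):
        return "403 MFA required"
    return f"200 executed: {query}"


def demo() -> Dict[str, str]:
    """Attacker knows alice's password only; returns the outcome under both gates,
    then the outcome once the legitimate second factor has been supplied."""
    now = 1_700_000_000  # fixed clock so the constructed TOTP is reproducible
    s: dict = {}
    if not login(s, "alice", "correct horse"):
        raise RuntimeError("constructed login should succeed")
    results = {
        "vulnerable_before_mfa": run_sql(s, gate_vulnerable, "SELECT 1"),
        "hardened_before_mfa": run_sql(s, gate_hardened, "SELECT 1"),
    }
    verify_totp(s, totp(USERS["alice"]["totp_secret"], now), now)
    results["hardened_after_mfa"] = run_sql(s, gate_hardened, "SELECT 1")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The practical check this encodes: the MFA decision must be made on every request to a sensitive endpoint from a per-session "second factor completed" flag that only the TOTP verifier can set, never inferred from "this session has a user". Auditing an application for this class of bug means finding every route that performs sensitive actions and confirming it is behind the hardened form of the gate, including routes added after MFA support was introduced.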

Comment 1 TEJ RATHI 2024-05-03 11:16:50 UTC
Created pgadmin4 tracking bugs for this issue:

Affects: fedora-38 [bug 2278852]
Affects: fedora-39 [bug 2278854]
Affects: fedora-40 [bug 2278856]
