2278850 – (CVE-2024-4215) CVE-2024-4215 pgadmin4: multi-factor authentication bypass

Bug 2278850 (CVE-2024-4215) - CVE-2024-4215 pgadmin4: multi-factor authentication bypass

Summary: CVE-2024-4215 pgadmin4: multi-factor authentication bypass

Keywords:
Status:	NEW
Alias:	CVE-2024-4215
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2278852 2278854 2278856
Blocks:
TreeView+	depends on / blocked

Reported:	2024-05-03 11:13 UTC by TEJ RATHI
Modified:	2024-05-03 11:18 UTC (History)
CC List:	0 users
Fixed In Version:	pgadmin4 rel-8_6
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2024-05-03 11:13:47 UTC

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

https://github.com/pgadmin-org/pgadmin4/issues/7425

Comment 1 TEJ RATHI 2024-05-03 11:16:50 UTC

Created pgadmin4 tracking bugs for this issue:

Affects: fedora-38 [bug 2278852]
Affects: fedora-39 [bug 2278854]
Affects: fedora-40 [bug 2278856]

Note You need to log in before you can comment on or make changes to this bug.