CVE-2024-4215

EUVD-2024-1364
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
pgadminpgadmin_4
𝑥
< 8.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
postgresqlpgadmin
𝑥
≤ 8.5
ADP
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
pgadmin4
suse enterprise desktop 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP7
8.5-150600.3.3.1
fixed
pgadmin4-doc
suse enterprise desktop 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP7
8.5-150600.3.3.1
fixed
system-user-pgadmin
suse enterprise desktop 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise desktop 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise sap 15 SP7
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP6
8.5-150600.3.3.1
fixed
suse enterprise server 15 SP7
8.5-150600.3.3.1
fixed
Common Weakness Enumeration
References
https://github.com/pgadmin-org/pgadmin4/issues/7425
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/
https://github.com/pgadmin-org/pgadmin4/issues/7425
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/