CVE-2024-4215
moderate-risk
Published 2024-05-02
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (4)
Issue Tracking
https://github.com/pgadmin-org/pgadmin4/issues/7425
Issue Tracking
https://github.com/pgadmin-org/pgadmin4/issues/7425
33
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
7/34 · Low