CVE-2024-9014
high-risk
Published 2024-09-23
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Do I need to act?
!
92.9% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: a0aa1855186bbe769182e797dc546812ed4dc720
9
CVSS 9.9/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (1)
Issue Tracking
https://github.com/pgadmin-org/pgadmin4/issues/7945
58
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
20/34 · Moderate
Exposure
5/34 · Minimal