508 matches found
K000148478: PostgreSQL pgAdmin vulnerability CVE-2024-9014
Security Advisory Description pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. CVE-2024-9014 Impact There is no impact; F...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2024-4216: Fixed XSS in /settings/store endpoint bsc1223868 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
VulnCheck KEV: CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
[SECURITY] Fedora 40 Update: pgadmin4-8.9-3.fc40
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
Exploit for CVE-2024-9014
This post is a research article published by EQSTLab https://g...
SUSE CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
Vulnerability fixed in pgAdmin
pgAdmin has fixed a vulnerability in pgAdmin 8.11. A malicious party could exploit the vulnerability to gain access to sensitive data. pgAdmin has released an update to fix the vulnerability. See attached references for more information...
The vulnerability in the implementation of the OAuth2 protocol for managing databases in pgAdmin 4 allows a perpetrator to increase their privileges.
The vulnerability of the OAuth2 protocol implementation in the pgAdmin 4 database management tool is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
GHSA-JM9X-RX9X-WPQJ OAuth2 client ID and secret exposed through the web browser
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
OAuth2 client ID and secret exposed through the web browser
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
CVE-2024-9014
pgAdmin 4 (versions ≤ 8.11) is affected by CVE-2024-9014 due to an OAuth2 authentication flaw that can expose OAuth2_CLIENT_ID and OAuth2_CLIENT_SECRET from the login/config, enabling unauthorized access to user data. The Nuclei template confirms an authentication bypass/vector leading to credent...
CVE-2024-9014 OAuth2 client id and secret exposed through the web browser in pgAdmin 4
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
pgAdmin security vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.11 and prior versions, which stems from a vulnerability that allows an attacker to obtain client IDs and secrets, resulting in unauthoriz...
PT-2024-6396
Name of the Vulnerable Software and Affected Versions pgAdmin versions 8.11 and earlier Description The issue is related to a security flaw in OAuth2 authentication, allowing an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. The vulnerability...
ROS-20240904-13
A vulnerability in the session cookie pga4session of the pgAdmin 4 database management tool is related to incorrect serialization. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
pgAdmin 8.4 Code Execution
Title: pgAdmin 8.4 PHP Code Execution Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits ...
pgAdmin 8.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pgAdmin Binary Path API RCE', 'Description' = %q pgAdmin MSFLICENSE, 'Author' = 'M.Selim Karahan', metasploit module 'Mustafa Mutlu', lab prep. a...
pgAdmin 8.4 Remote Code Execution Exploit
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the securi...