Veracode Vulnerability Database: VERACODE:46755
History: May 06, 2024 - 6:41 a.m.

Authentication Bypass

Date: 2024-05-06 06:41:04
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Tags: pgadmin4, authentication bypass, vulnerability, mfa process, software

CVSS3: 7.4 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score: 7.6 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.2%)

pgadmin4 is vulnerable to Authentication Bypass. The vulnerability is due to a flaw in the multi-factor authentication process, which allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

Affected software (CPE):

Name      Operator  Version
pgadmin4  le        8.5
