HIGH 8.0

GHSA-7w6r-748w-mh52

pgAdmin has Incorrect Default Permissions

Details

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pgadmin4

Introduced in: 0 Fixed in: 7.0

Fix pip install --upgrade 'pgadmin4>=7.0'

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1907 [ADVISORY]
https://github.com/pgadmin-org/pgadmin4/issues/6100 [WEB]
https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59 [WEB]
https://access.redhat.com/security/cve/CVE-2023-1907 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=2218384 [WEB]
https://github.com/pgadmin-org/pgadmin4 [PACKAGE]
https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst [WEB]