HIGH 8.6

GHSA-jm9x-rx9x-wpqj

OAuth2 client ID and secret exposed through the web browser

Details

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pgadmin4

Introduced in: 0 Fixed in: 8.12

Fix pip install --upgrade 'pgadmin4>=8.12'

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9014 [ADVISORY]
https://github.com/pgadmin-org/pgadmin4/issues/7945 [WEB]
https://github.com/pgadmin-org/pgadmin4 [PACKAGE]
https://www.pgadmin.org/docs/pgadmin4/8.12/release_notes_8_12.html [WEB]