HIGH 7.4

GHSA-2mvc-557g-5638

pgAdmin is affected by a multi-factor authentication bypass vulnerability

상세

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pgadmin4

최초 영향 버전: 0 수정 버전: 8.6

수정 pip install --upgrade 'pgadmin4>=8.6'

참고

https://nvd.nist.gov/vuln/detail/CVE-2024-4215 [ADVISORY]
https://github.com/pgadmin-org/pgadmin4/issues/7425 [WEB]
https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976 [WEB]
https://github.com/pgadmin-org/pgadmin4 [PACKAGE]
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE [WEB]