CVE-2024-4215
The Multi Factor Authentication bypass vulnerability in pgAdmin 4
Public Exploits: 0
Exploited in Wild: -
Descriptions
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password to authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
SSVC
- Decision: Track*
Timeline
- 2024-04-25 CVE Reserved
- 2024-05-02 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Pgadmin.org | PgAdmin 4 | < 8.6 | en | Affected |