Authentication Bypass Affecting pgadmin4 package, versions [,8.6)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Authentication Bypass vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-PGADMIN4-6808785
  • published5 May 2024
  • disclosed2 May 2024
  • creditUnknown

Introduced: 2 May 2024

CVE-2024-4215  (opens in a new tab)
CWE-287  (opens in a new tab)

How to fix?

Upgrade pgadmin4 to version 8.6 or higher.

Overview

pgadmin4 is a PostgreSQL Tools

Affected versions of this package are vulnerable to Authentication Bypass due to a flaw in the multi-factor authentication process. An attacker with knowledge of a legitimate account's username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status.

CVSS Scores

version 3.1