Home > Vulnerability Database > CVE-2024-4215

Mend.io Vulnerability Database

CVE-2024-4215

Good to know:

Date: May 2, 2024

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

Language: Python

Severity Score

7.4

Related Resources (7)

Url: https://github.com/pgadmin-org/pgadmin4/commit/f4761f55f7cf6d56d6c5129f921393b0b47fd976

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-4215

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE

Url: https://github.com/pgadmin-org/pgadmin4

Url: https://github.com/pgadmin-org/pgadmin4/issues/7425

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/

Url: https://www.mend.io/vulnerability-database/CVE-2024-4215

Severity Score

7.4

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version pgadmin4 - 8.6

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-4215

Good to know:

Date: May 2, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?