CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-4215: The Multi Factor Authentication bypass vulnerability in pgAdmin 4

7.4 CVSS

Description

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

Classification

CVE ID: CVE-2024-4215

CVSS Base Severity: HIGH

CVSS Base Score: 7.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products

Vendor: pgadmin.org

Product: pgAdmin 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://github.com/pgadmin-org/pgadmin4/issues/7425
https://lists.fedoraproject.org/archives/list/[email protected]/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/

Timeline

2025-02-14 00:32:25 UTC
CVE

The Multi Factor Authentication bypass vulnerability in pgAdmin 4