Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-4215


pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. An attacker with knowledge of a legitimate account’s username and password can authenticate to the application and perform sensitive actions within it, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.


Published

2024-05-02T18:15:07.593

Last Modified

2025-09-19T13:37:32.307

Status

Analyzed

Source

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-89

Affected Vendors & Products
Type              Vendor         Product    Version/Range  Vulnerable?
Application       pgadmin        pgadmin_4  < 8.6          Yes
Operating System  fedoraproject  fedora     40             Yes
