CVE-2023-1907
HIGH 8.0 | EPSS 0.14%
pgAdmin has Incorrect Default Permissions
Published: 1/9/2025
Modified: 2/6/2025
Also known as: GHSA-7w6r-748w-mh52
Description
A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
Affected packages (1)
- PyPI/pgadmin4: from 0, < 7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-1907
- PATCH: https://github.com/pgadmin-org/pgadmin4
- WEB: https://access.redhat.com/security/cve/CVE-2023-1907
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2218384
- WEB: https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst
- WEB: https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59
- WEB: https://github.com/pgadmin-org/pgadmin4/issues/6100