CVE-2023-1907 pgadmin4

Package

Manager: pip
Name: pgadmin4
Vulnerable Version: >=0 <7.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00078 (percentile: 0.2391)

Details

pgAdmin has Incorrect Default Permissions

A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

Metadata

Created: 2025-01-09T09:31:42Z
Modified: 2025-02-06T19:50:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-7w6r-748w-mh52/GHSA-7w6r-748w-mh52.json
CWE IDs: ["CWE-276", "CWE-488"]
Alternative ID: GHSA-7w6r-748w-mh52
Finding: F159
Auto approve: 1