High severity · NVD Advisory · Published Sep 23, 2024 · Updated Sep 23, 2024
OAuth2 client id and secret exposed through the web browser in pgAdmin 4
CVE-2024-9014
Description
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pgadmin4 (PyPI) | < 8.12 | 8.12 |
Affected products
- Range: 0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-jm9x-rx9x-wpqj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-9014 (ghsa, ADVISORY)
- github.com/pgadmin-org/pgadmin4/issues/7945 (ghsa, issue-tracking, WEB)
- www.pgadmin.org/docs/pgadmin4/8.12/release_notes_8_12.html (ghsa, WEB)