CVE-2024-4215 HIGH

CVE-2024-4215: The Multi Factor Authentication bypass vulnerability in pgAdmin 4

Vendor Pgadmin.org
Product pgAdmin 4
Published May 2, 2024
Last update February 13, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

Key dates

02Disclosure timeline

May 2, 2024 CVE published
February 13, 2025 Record updated