PT-2023-9834 · Pgadmin+2 · Pgadmin+2

Dhananjay Arunesh

Published

2023-04-04

Updated

2025-08-14

CVE-2023-1907

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions pgadmin (affected versions not specified)

Description A vulnerability was found in pgadmin, where users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. This issue is related to incorrect session fixation due to improper access separation in the LDAP authentication configuration. Exploitation of this vulnerability may allow a remote attacker to bypass security restrictions and gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-488

Related Identifiers

BDU:2025-00245

CVE-2023-1907

GHSA-7W6R-748W-MH52

OPENSUSE-SU-2025_1326-1

SUSE-SU-2025:01326-1

SUSE-SU-2025:1326-1

SUSE-SU-2025_1326-1

Affected Products

Pgadmin

Red Os

Suse

PT-2023-9834 · Pgadmin+2 · Pgadmin+2

CVE-2023-1907

Weakness Enumeration

Related Identifiers

Affected Products

References · 33