PT-2024-9759 · Pgadmin+2

Published 2024-05-02 · Updated 2025-04-17 · CVE-2024-4215

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: pgAdmin versions <= 8.5

Description: The issue exists because multi-factor authentication is incorrectly implemented in the pgAdmin database management tool. A remote attacker who knows a legitimate account's username and password can authenticate to the application and perform sensitive actions, such as managing files and executing SQL queries, regardless of whether the account is enrolled in MFA, thereby gaining unauthorized access to the application and executing arbitrary SQL code.

Recommendations: For pgAdmin versions <= 8.5, update to a version that includes a fix for the multi-factor authentication bypass. As a temporary workaround, restrict access to sensitive actions within the application to reduce the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-11497
CVE-2024-4215
GHSA-2MVC-557G-5638
OPENSUSE-SU-2024:14052-1
OPENSUSE-SU-2024_2260-1
SUSE-SU-2024:2260-1

Affected Products

Pgadmin
Red Os
Suse