pgAdmin is affected by a multi-factor authentication bypass vulnerability
Moderate severity
GitHub Reviewed
Published
May 2, 2024
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Description
Published by the National Vulnerability Database
May 2, 2024
Published to the GitHub Advisory Database
May 2, 2024
Reviewed
May 3, 2024
Last updated
Nov 18, 2024
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
References