CVE-2024-4215

CVE Database · CVE-2024-4215

CVE-2024-4215

· HIGHAnalyzed

CVSS v3.1

7.4

EPSS

0.63%

Published

May 2, 2024

Modified

Sep 19, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-89

Affected Products (2)

pgadmin · pgadmin_4 (up to 8.6)vulnerable

fedoraproject · fedoravulnerable

References (4)

https://github.com/pgadmin-org/pgadmin4/issues/7425

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/

Mailing List

https://github.com/pgadmin-org/pgadmin4/issues/7425

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2YFVCB4HCXU3FQBZ5XTWJZWSZUDNCXE/

Mailing List

KEV Catalog EPSS Scores Vendors All CVEs