HIGH🇬🇧 English

CVE-2023-1907

CVSS 8.0v3.1pub. 2025-01-09upd. 2025-06-20

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Pgadmin

    APP
    Pgadmin
    < 7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-12048CRITICAL9.3ten sam vendor

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a P...

CVE-2026-12046CRITICAL9.5ten sam vendor

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POS...

CVE-2026-12045CRITICAL9.4ten sam vendor

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database conte...

CVE-2026-7813CRITICAL9.4PL ✓ten sam vendor

pgAdmin 4: nieautoryzowany dostęp i privilege escalation w trybie serwerowym

CVE-2025-13780CRITICAL9.1PL ✓ten sam vendor

RCE w pgAdmin 4 poprzez złośliwe pliki dump w trybie serwerowym