CVE-2023-1907: pgAdmin has Incorrect Default Permissions
(updated )
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user’s session if multiple connection attempts occur simultaneously.
References
- access.redhat.com/security/cve/CVE-2023-1907
- bugzilla.redhat.com/show_bug.cgi?id=2218384
- github.com/advisories/GHSA-7w6r-748w-mh52
- github.com/pgadmin-org/pgadmin4
- github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst
- github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59
- github.com/pgadmin-org/pgadmin4/issues/6100
- nvd.nist.gov/vuln/detail/CVE-2023-1907
Code Behaviors & Features
Detect and mitigate CVE-2023-1907 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →