CVE-2024-9014
OAuth2 client id and secret exposed through the web browser in pgAdmin 4
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
pgadmin.org · pgAdmin 4public PoCs found — 2
githubgithub.com/EQSTLab/CVE-2024-9014★ 8githubgithub.com/r0otk3r/CVE-2024-9014★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →