pgAdmin 4 - Authentication Bypass
ID: CVE-2024-9014
Severity: critical
Author: s4e-io
Tags: cve,cve2024,pgadmin,exposure,auth-bypass
Description
Section titled “Description”pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
YAML Source
Section titled “YAML Source”id: CVE-2024-9014
info: name: pgAdmin 4 - Authentication Bypass author: s4e-io severity: critical description: | pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. reference: - https://github.com/EQSTLab/CVE-2024-9014 - https://github.com/pgadmin-org/pgadmin4/issues/7945 - https://nvd.nist.gov/vuln/detail/CVE-2024-9014 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2024-9014 cwe-id: CWE-522 epss-score: 0.00043 epss-percentile: 0.09595 metadata: verified: true max-request: 1 vendor: pgadmin-org product: pgadmin4 fofa-query: "pgadmin4" tags: cve,cve2024,pgadmin,exposure,auth-bypass
http: - raw: - | GET /login?next=/ HTTP/1.1 Host: {{Hostname}}
matchers-condition: and matchers: - type: regex part: body negative: true regex: - 'OAUTH2_CLIENT_SECRET": null'
- type: word part: body words: - '<title>pgAdmin 4</title>' - 'OAUTH2_CLIENT_SECRET' condition: and
- type: status status: - 200# digest: 4a0a00473045022100d6489e8b4db49c218d5cc27aef953f9266e84d79552691f4477e1a3299bec3b4022039a1da87e5bfefebe08c151c57f9b747603d52c1e2e2bc3ccddb417584aafe9c:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-9014.yaml"