pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
The vulnerability classified as CWE-522 (Insufficiently Protected Credentials) indicates that OAuth2 authentication data — client ID and client secret — are stored or transmitted in an insufficiently protected manner. A logged-in attacker with network access can obtain this data without needing to meet additional conditions (low privilege level, no user interaction required). Obtaining the client secret allows impersonation of the application and takeover of control over the OAuth2 authorization flow.
An attacker can obtain unauthorized access to user accounts and their data, and by compromising the client secret — also impersonate the application within the OAuth2 authentication process, resulting in complete breach of confidentiality, integrity, and availability of the environment.
pgAdmin 4 should be updated to a version higher than 8.11. Details regarding available patches can be found in the vendor's references: https://github.com/pgadmin-org/pgadmin4/issues/7945
pgAdmin 4 versions 8.11 and earlier using OAuth2 authentication
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HPgadmin 4
APPPgadmin< 8.12
Related vulnerabilities
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a P...
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POS...
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database conte...
pgAdmin 4: nieautoryzowany dostęp i privilege escalation w trybie serwerowym
RCE w pgAdmin 4 poprzez złośliwe pliki dump w trybie serwerowym