CVE-2023-1907
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
pgAdmin: users authenticated simultaneously via LDAP may be attached to the wrong session
A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
References
- RHBZ#2218384 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2023-1907 x_refsource_REDHAT vdb-entry
Affected products
pgadmin
- <7.0
Matching in nixpkgs
pkgs.pgadmin
Administration and development platform for PostgreSQL
- nixos-unstable -
- nixpkgs-unstable 9.8
pkgs.pgadmin4
Administration and development platform for PostgreSQL
- nixos-unstable -
- nixpkgs-unstable 9.8
pkgs.pgadmin4-desktopmode
Administration and development platform for PostgreSQL. Desktop Mode
- nixos-unstable -
- nixpkgs-unstable 9.8
Package maintainers
- @gador Florian Brandes <florian.brandes@posteo.de>