CVE-2024-6238Incorrect Default Permissions in Pgadmin 4

CWE-276Incorrect Default PermissionsCWE-287Improper Authentication4 documents4 sources
Severity
5.3MEDIUMNVD
CNA7.4
EPSS
0.1%
top 79.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pgadmin.org Pgadmin 4Pgadmin 4
Timeline
PublishedJun 25
Latest updateJul 25

Description

pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5pgadmin.org/pgadmin_4< 8.9

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
Craft CMS Allows TOTP Token To Stay Valid After Use2024-07-25
CVEList
pgAdmin 4 Installation Directory permission issue2024-06-25
GHSA
GHSA-783m-7jjf-pmgr: pgAdmin <= 82024-06-25
CVE-2024-6238 — Incorrect Default Permissions | cvebase