CVE-2024-9014
Published: 2024-09-23
Priority: P277 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
ITW exploit: VulnCheck KEV (exploited in the wild)
EPSS: 9.76% (94.9th percentile)
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | < 8.12 | 8.12 |
| pgadmin | pgadmin_4 | < 8.12 | 8.12 |
Detection & IOCs (extracted from sources)
- Send a GET request to /login?next=/ and check the HTTP 200 response body for the string 'OAUTH2_CLIENT_SECRET' (present) while confirming 'OAUTH2_CLIENT_SECRET": null' is NOT present, indicating the secret is exposed in the login page.
- The vulnerability exposes the OAuth2 client ID and secret in the pgAdmin 4 login page HTML response; look for non-null OAUTH2_CLIENT_SECRET values rendered in the page body.
- The FOFA fingerprint query 'pgadmin4' can be used to identify exposed pgAdmin 4 instances for mass scanning.
- The vulnerability only triggers when OAuth2 authentication is configured in pgAdmin 4; instances not using OAuth2 will not expose OAUTH2_CLIENT_SECRET in the login page.
- A non-null OAUTH2_CLIENT_SECRET in the login page body is the key differentiator for a vulnerable instance; a null value indicates the secret is not exposed.
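The differentiator above, as an added audit helper (not code from the page's sources or from the pgAdmin project) for checking an instance you administer: it classifies a login-page body as OAuth2 not configured, secret rendered as null, or secret exposed. It assumes the config is rendered as JSON-style `"OAUTH2_CLIENT_SECRET": <value>` pairs; the sample bodies are constructed.

```python
import json
import re
from urllib.request import Request, urlopen

# Constructed sample bodies (not captured from a real instance). A vulnerable
# pgAdmin 4 with OAuth2 configured renders the real client secret into the page.
EXPOSED_BODY = '''<html><script>
  "OAUTH2_CONFIG": [{"OAUTH2_NAME": "example", "OAUTH2_CLIENT_ID": "client-123",
  "OAUTH2_CLIENT_SECRET": "s3cr3t-value"}]
</script></html>'''
NULL_BODY = '<html><script>"OAUTH2_CLIENT_SECRET": null</script></html>'
NO_OAUTH_BODY = '<html><form id="login">...</form></html>'

# Tolerates whitespace differences that a plain substring check would miss,
# and matches only a JSON null or a JSON string as the rendered value.
_SECRET_RE = re.compile(r'"OAUTH2_CLIENT_SECRET"\s*:\s*(null|"(?:[^"\\]|\\.)*")')


def classify_login_page(body: str) -> str:
    """Return 'not_configured', 'not_exposed' or 'exposed' for a login page body."""
    values = _SECRET_RE.findall(body)
    if not values:
        # Key absent: OAuth2 is not configured, so nothing to leak here.
        return "not_configured"
    for value in values:
        # A non-null, non-empty rendered secret is the exposure indicator.
        if value != "null" and json.loads(value) != "":
            return "exposed"
    return "not_exposed"


def check_instance(base_url: str, timeout: float = 10.0) -> str:
    """Fetch /login?next=/ from your own instance and classify the body.

    urlopen raises on non-2xx responses, so only an HTTP 200 body is classified.
    """
    req = Request(base_url.rstrip("/") + "/login?next=/",
                  headers={"User-Agent": "cve-2024-9014-self-audit"})
    with urlopen(req, timeout=timeout) as resp:
        return classify_login_page(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    for label, body in (("exposed", EXPOSED_BODY), ("null", NULL_BODY), ("none", NO_OAUTH_BODY)):
        print(label, "->", classify_login_page(body))
```

An "exposed" result on an instance means the login page is rendering the secret; upgrade to 8.12 and rotate the OAuth2 client secret at the identity provider, since it should be treated as disclosed.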
CVSS provenance
- NVD (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 9.9 CRITICAL
OSV (2024-09-23): CVE-2024-9014 [HIGH] OAuth2 client ID and secret exposed through the web browser
GHSA (2024-09-23): CVE-2024-9014 [HIGH] CWE-522 OAuth2 client ID and secret exposed through the web browser
VulnCheck (2024, CVSS 9.9): CVE-2024-9014 [CRITICAL] pgAdmin 4 OAuth2 Authentication Bypass Vulnerability
Affected: pgAdmin pgAdmin 4
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-10-07&host_type=src&vulnerability=cve-2024-9014; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-10-12&host_type=src&vulnerability=cve-2024-9014; https://dashboard.shadowserver.org/statistics
No detection rules found.
Nuclei (CVSS 6.5): CVE-2024-9014 [MEDIUM] pgAdmin 4 - Authentication Bypass
pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
Template (as published, truncated at the source):
```yaml
id: CVE-2024-9014

info:
  name: pgAdmin 4 - Authentication Bypass
  author: s4e-io
  severity: critical
  description: |
    pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
  impact: |
    Attackers can potentially obtain OAuth2 client ID and secret from exposed configuration in the login page, leading to unauthorized access to user data, authentication bypass,
```