Two critical security vulnerabilities have been identified in pgAdmin, the popular open-source administration tool for PostgreSQL. These vulnerabilities, tagged as CVE-2024-4216 and CVE-2024-4215, carry a high severity rating of 7.4 and affect various versions of the tool prior to 8.5. CVE-2024-4216 is a cross-site scripting (XSS) vulnerability that can allow attackers to execute malicious scripts and potentially steal sensitive information such as cookies. CVE-2024-4215 allows attackers to bypass multi-factor authentication (MFA), giving them unauthorized access to perform actions like file management and SQL query execution.
CVE-2024-4216 exploits a flaw within the /settings/store API of pgAdmin where a crafted POST request can inject malicious scripts. Researchers demonstrated this vulnerability using a man-in-the-middle proxy to intercept and modify the POST request, ultimately causing the malicious script to execute on the client’s browser. This type of vulnerability is particularly dangerous as it can lead to data theft and other malicious activities carried out under the guise of the victim’s session.
On the other hand, CVE-2024-4215 poses a risk by allowing an attacker, who already possesses valid login credentials, to bypass the MFA protections set up in pgAdmin. Once inside the system, the attacker can manipulate files and execute SQL queries, irrespective of whether they have cleared the additional authentication steps mandated by MFA. This flaw undermines the security measures that are designed to provide a layer of security even when the primary authentication factor (password) has been compromised.
Both vulnerabilities were promptly addressed by the maintainers of pgAdmin, with patches rolled out in the newer releases. Users of affected versions are strongly recommended to upgrade to the latest version of pgAdmin, v4 8.6, to mitigate the risks posed by these security flaws. This update is crucial for maintaining the integrity and security of PostgreSQL databases managed through pgAdmin, particularly for enterprises that rely on it for daily database administration and development tasks.
