Home > Vulnerability Database > CVE-2023-1907

Mend.io Vulnerability Database

CVE-2023-1907

Good to know:

Date: January 9, 2025

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

Severity Score

8.0

Related Resources (8)

Url: https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1907

Url: https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2218384

Url: https://github.com/pgadmin-org/pgadmin4/issues/6100

Url: https://github.com/pgadmin-org/pgadmin4

Url: https://access.redhat.com/security/cve/CVE-2023-1907

Url: https://www.mend.io/vulnerability-database/CVE-2023-1907

Severity Score

8.0

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Exposure of Data Element to Wrong Session

CWE-488

Top Fix

Upgrade Version

Upgrade to version pgadmin4 - 7.0

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1907

Good to know:

Date: January 9, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?