CVE-2024-9014

Insufficiently Protected Credentials (CWE-522)

Published: Sep 23, 2024 / Updated: 57d ago

CVSS 9.9 / EPSS 0.04% / Critical

Summary

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

Impact

This vulnerability has a high-severity impact. It allows attackers to potentially gain unauthorized access to user data by exploiting the OAuth2 authentication flaw. Confidentiality, integrity, and availability impact are each rated HIGH, with a CVSS base score of 9.9 out of 10. The attack vector is the network, attack complexity is low, and no user interaction is required, making it relatively easy for attackers to exploit.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

The available information does not name a specific patch. However, given that the vulnerability affects pgAdmin versions 8.11 and earlier, upgrading to a version later than 8.11 (if available) would likely address this vulnerability.

Mitigation

While a specific patch is not mentioned, the following mitigation steps are recommended:

1. Upgrade pgAdmin to a version newer than 8.11 if available.
2. If upgrading is not immediately possible, consider disabling OAuth2 authentication temporarily if feasible.
3. Implement strong network segmentation to limit access to pgAdmin instances.
4. Monitor for any suspicious activities related to OAuth2 authentication in pgAdmin.
5. Regularly audit and rotate OAuth2 client IDs and secrets.
6. Implement additional authentication layers where possible.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9014.

Sep 23, 2024 at 4:12 PM / PostgreSQL news
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 23, 2024 at 4:12 PM
CVE Assignment

NVD published the first details for CVE-2024-9014

Sep 23, 2024 at 5:15 PM
CVSS

A CVSS base score of 9.9 has been assigned.

Sep 23, 2024 at 5:21 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 23, 2024 at 5:34 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 24, 2024 at 9:33 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731806)

Sep 25, 2024 at 7:53 AM
Threat Intelligence Report

CVE-2024-9014 is a critical vulnerability (CVSS: 9.9) in pgAdmin’s OAuth2 authentication system that could allow attackers to gain unauthorized access to sensitive user data by compromising client IDs and secrets. The details regarding exploitation in the wild, proof-of-concept exploits, mitigations, detections, or patches are not provided in the available information. There is no mention of downstream impacts to other third-party vendors or technology.

Sep 25, 2024 at 10:33 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (5001122)

Oct 1, 2024 at 7:53 AM

Affected Systems

Pgadmin/pgadmin

Links to Mitre Att&cks

T1558.003: Kerberoasting

Attack Patterns

CAPEC-102: Session Sidejacking

References

Critical Ivanti vTM Vulnerability Exploited (CVE-2024-7593); pgAdmin Flaw Could Expose Data (CVE-2024-9014)
The vulnerability in Ivanti’s Virtual Traffic Manager (vTM), first addressed in a mid-August advisory by the company, has now been flagged by CISA as actively exploited and added to the Known Exploited Vulnerabilities (KEV) Catalog. Ivanti’s advisory emphasized the importance of patching and securing these instances to avoid unauthorized access; and most recently, CISA issued an alert confirming the addition of CVE-2024-7593 to the KEV Catalog, with a deadline of October 15, 2024 for federal agencies to address this critical vulnerability.
FOCUS FRIDAY: TPRM INSIGHTS ON LITESPEED CACHE, RICOH WEB IMAGE MONITOR, SQUID PROXY, AND XLIGHT FTP VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™
Black Kite’s FocusTag™ for CVE-2024-47939 was published on November 4, 2024, equipping TPRM professionals with actionable intelligence to identify and assess vendors utilizing vulnerable Ricoh printers and MFPs. By leveraging Black Kite’s platform, organizations can precisely filter and target vendors that operate affected Ricoh devices, thereby streamlining their risk assessment and mitigation processes. Have you configured firewall rules to block unauthorized IPs from accessing the device and limited access to the Web Image Monitor to trusted networks only to prevent potential exploitation of CVE-2024-47939?
@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 38 - SANS Institute
Product: Apache HugeGraph-Server CVSS Score: 0 ** KEV since 2024-09-18 ** NVD: ISC Podcast: CVE-2024-7120 - Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are vulnerable to critical os command injection via manipulation of the argument template in the Web Interface component's list_base_config.php file, allowing for remote attacks with publicly disclosed exploit potential (VDB-272451). Product: Ivanti Endpoint Manager Cloud Services Appliance CVSS Score: 9.1 ** KEV since 2024-09-19 ** NVD: ISC Podcast: NVD References: CVE-2024-9043 - Cellopoint's Secure Email Gateway is vulnerable to buffer overflow in authentication allowing remote attackers to crash the process and gain admin privileges.

News

Fedora 41 : pgadmin4 (2024-4944ad2c87)
Nessus Plugin ID 211291 with Critical Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4944ad2c87 advisory. Fix CVE-2024-9014. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected pgadmin4 package. Read more at https://www.tenable.com/plugins/nessus/211291
Fedora 41 update for pgadmin4
The vulnerability allows a remote attacker to bypass the authentication process. Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
SUSE update for pgadmin4
A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in arbitrary code execution or denial of service (DoS). A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
OAuth2 authentication bypass in pgAdmin
This security bulletin contains one high-risk vulnerability. The vulnerability allows a remote attacker to bypass the authentication process.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Changed
Confidentiality:High
Integrity:High
Availability Impact:High
