CVE-2023-1907
pgAdmin has Incorrect Default Permissions
Severity: HIGH (CVSS 3.1 base score 8.0). EPSS: 0.14%
Description
A vulnerability was found in pgAdmin. When pgAdmin runs in server mode with LDAP authentication enabled, a user who logs in while another login attempt is in flight may be attached to that other user's session, and thereby act within another user's authenticated session. Only server-mode deployments that have LDAP as an authentication source are affected; desktop mode and the internal authentication source alone are not.
How to fix CVE-2023-1907
To remediate CVE-2023-1907, upgrade the affected package to a fixed version listed below. If an immediate upgrade is not possible, the exposure can be reduced by removing LDAP from the enabled authentication sources until the upgrade is done.
- PyPI/pgadmin4—upgrade to 7.0 or later
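A small triage script for deciding whether a given pgAdmin deployment is actually exposed and needs the upgrade. This is an added example, not code from pgAdmin or from the advisory. It assumes that the deployment's settings live in a config_local.py using pgAdmin's own SERVER_MODE and AUTHENTICATION_SOURCES keys (with pgAdmin's defaults of True and ['internal'] when a key is absent), and that the installed version string is obtained separately (here the version strings and config contents are constructed samples so the script runs offline).

```python
"""Exposure triage for CVE-2023-1907 (pgAdmin LDAP session mix-up).

Added example, not pgAdmin's own code. Affected range and fixed
version are taken from the advisory: pgadmin4 >= 0, < 7.0.
"""
import ast
import re

FIXED_VERSION = (7, 0)                # advisory: fixed in pgadmin4 7.0
DEFAULT_SERVER_MODE = True            # pgAdmin config.py default
DEFAULT_AUTH_SOURCES = ["internal"]   # pgAdmin config.py default

# Constructed sample config_local.py contents (not from any real deployment).
SAMPLE_CONFIG_LDAP = """
SERVER_MODE = True
AUTHENTICATION_SOURCES = ['ldap', 'internal']
LDAP_SERVER_URI = 'ldap://ldap.example.internal:389'
"""

SAMPLE_CONFIG_INTERNAL = """
SERVER_MODE = True
AUTHENTICATION_SOURCES = ['internal']
"""

SAMPLE_CONFIG_DESKTOP = """
SERVER_MODE = False
"""


def parse_version(version):
    """Turn '6.21', '7.0' or '7.0rc1' into a comparable (major, minor, ...) tuple.

    Trailing non-numeric text is ignored, and the tuple is padded to at
    least two components so that '7' compares equal to '7.0'.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 2:
        parts.append(0)
    return tuple(parts)


def is_vulnerable_version(version):
    """True for any pgadmin4 version below 7.0 (the advisory's affected range)."""
    return parse_version(version) < FIXED_VERSION


def parse_config(config_text):
    """Read SERVER_MODE and AUTHENTICATION_SOURCES from config_local.py text.

    The file is parsed with ast and never executed; only literal
    assignments are honoured (assumption: deployments set these as
    literals), and anything else falls back to pgAdmin's defaults.
    """
    settings = {
        "SERVER_MODE": DEFAULT_SERVER_MODE,
        "AUTHENTICATION_SOURCES": list(DEFAULT_AUTH_SOURCES),
    }
    for node in ast.parse(config_text).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in settings:
                try:
                    settings[target.id] = ast.literal_eval(node.value)
                except ValueError:
                    pass  # non-literal value: keep the default
    return settings


def triage(version, config_text):
    """Return (exposed, reason) for one deployment."""
    if not is_vulnerable_version(version):
        return False, f"version {version} is 7.0 or later (fixed)"
    cfg = parse_config(config_text)
    if not cfg["SERVER_MODE"]:
        return False, "desktop mode; the bug only affects server mode"
    sources = [str(s).lower() for s in cfg["AUTHENTICATION_SOURCES"]]
    if "ldap" not in sources:
        return False, "LDAP is not an enabled authentication source"
    return True, f"server mode with LDAP auth on {version}: upgrade to 7.0 or later"


if __name__ == "__main__":
    for ver, cfg in [("6.21", SAMPLE_CONFIG_LDAP),
                     ("7.0", SAMPLE_CONFIG_LDAP),
                     ("6.21", SAMPLE_CONFIG_INTERNAL),
                     ("6.21", SAMPLE_CONFIG_DESKTOP)]:
        exposed, reason = triage(ver, cfg)
        print(f"{ver:>5} exposed={exposed}: {reason}")
```

The version check alone is not enough to decide on urgency: an old pgadmin4 that runs in desktop mode, or in server mode with only the internal authentication source, is outside the advisory's affected configuration, whereas a server-mode instance with LDAP enabled is exposed on every version below 7.0.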
Is CVE-2023-1907 being exploited?
Low. EPSS is 0.14%, an estimated probability that this CVE is exploited in the wild within the next 30 days; no widespread exploitation has been reported. EPSS is a population-level estimate, not a per-deployment one: a multi-user, server-mode pgAdmin instance with LDAP enabled is exposed to the session mix-up on every login and should be upgraded regardless of the score.
Affected packages (1)
- PyPI/pgadmin4: all versions before 7.0 (>= 0, < 7.0)
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |

Reading the vector: AC:H reflects the timing condition (the login attempts must overlap), PR:L that the attacker needs an account that can log in, UI:R that another user has to be logging in at the same time, and S:C that the impact lands in another user's session rather than the attacker's own.