{"id":"GHSA-7w6r-748w-mh52","summary":"pgAdmin has Incorrect Default Permissions","details":"A vulnerability was found in pgAdmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. The issue is fixed in pgAdmin 4 version 7.0.","aliases":["CVE-2023-1907"],"modified":"2025-02-06T20:11:39.795039Z","published":"2025-01-09T09:31:42Z","database_specific":{"severity":"HIGH","nvd_published_at":"2025-01-09T08:15:24Z","github_reviewed_at":"2025-01-09T17:34:19Z","github_reviewed":true,"cwe_ids":["CWE-276","CWE-488"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1907"},{"type":"WEB","url":"https://github.com/pgadmin-org/pgadmin4/issues/6100"},{"type":"WEB","url":"https://github.com/pgadmin-org/pgadmin4/commit/fa29ba91632634d961f937ce3ed2c3b5a9d78f59"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2023-1907"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218384"},{"type":"PACKAGE","url":"https://github.com/pgadmin-org/pgadmin4"},{"type":"WEB","url":"https://github.com/pgadmin-org/pgadmin4/blob/a9974b418c49760d3989b7fb25e052ff16b89ac6/docs/en_US/release_notes_7_0.rst"}],"affected":[{"package":{"name":"pgadmin4","ecosystem":"PyPI","purl":"pkg:pypi/pgadmin4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0"}]}],"versions":["4.20","4.22","4.23","4.24","4.25","4.26","4.27","4.28","4.29","4.30","5.0","5.1","5.2","5.3","5.4","5.5","5.6","5.7","6.10","6.11","6.12","6.13","6.14","6.15","6.16","6.17","6.18","6.19","6.2","6.20","6.21","6.3","6.4","6.5","6.6","6.7","6.8","6.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-7w6r-748w-mh52/GHSA-7w6r-748w-mh52.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}]}