GHSA-2mvc-557g-5638

GitHub Security Advisory

pgAdmin is affected by a multi-factor authentication bypass vulnerability

✓ GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within it, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status.

Affected Packages

Package: pgadmin4 (PyPI)
Affected versions: all versions up to and including 8.5 (fixed in 8.6)

Related CVEs

Key Information

GHSA ID: GHSA-2mvc-557g-5638
Published: May 2, 2024 6:30 PM
Last Modified: February 13, 2025 7:00 PM
CVSS Score: 5.0/10
Primary Ecosystem: PyPI
Primary Package: pgadmin4
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.