Exposure of Data Element to Wrong Session

CVE-2023-1907

High

8/10

Summary

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. This flaw leads to Incorrect Default Permissions vulnerability. This vulnerability affects pgAdmin package versions prior to 7.0.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-488 - Exposure of Data Element to Wrong Session

The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.

References

Advisory
Issue
Release Note
Issue

Advisory Timeline

Published Jan 09, 2025

Exposure of Data Element to Wrong Session

CVE-2023-1907

Summary

CWE-488 - Exposure of Data Element to Wrong Session

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS