CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2023-1907 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2218384 Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*

History

20 Jun 2025, 17:57

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2023-1907 - () https://access.redhat.com/security/cve/CVE-2023-1907 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2218384 - () https://bugzilla.redhat.com/show_bug.cgi?id=2218384 - Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:pgadmin:pgadmin:*:*:*:*:*:postgresql:*:*
First Time Pgadmin
Pgadmin pgadmin

06 Feb 2025, 16:15

Type Values Removed Values Added
CWE CWE-488

06 Feb 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/security/cve/CVE-2023-1907 -

09 Jan 2025, 15:15

Type Values Removed Values Added
CWE CWE-276
Summary
  • (es) A vulnerability was found in pgadmin. Users logging into pgAdmin in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

09 Jan 2025, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-09 08:15

Updated : 2025-06-20 17:57


NVD link : CVE-2023-1907

Mitre link : CVE-2023-1907

CVE.ORG link : CVE-2023-1907


Products Affected

pgadmin

  • pgadmin
CWE
CWE-488

Exposure of Data Element to Wrong Session

CWE-276

Incorrect Default Permissions