pgadmin4-8.8-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14052-1 Final 1 1 2024-06-17T00:00:00Z current 2024-06-17T00:00:00Z 2024-06-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z pgadmin4-8.8-1.1 on GA media These are all security issues fixed in the pgadmin4-8.8-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14052 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-4215/ SUSE CVE CVE-2024-4215 page https://www.suse.com/security/cve/CVE-2024-4216/ SUSE CVE CVE-2024-4216 page openSUSE Tumbleweed pgadmin4-8.8-1.1 pgadmin4-cloud-8.8-1.1 pgadmin4-desktop-8.8-1.1 pgadmin4-doc-8.8-1.1 pgadmin4-web-uwsgi-8.8-1.1 system-user-pgadmin-8.8-1.1 pgadmin4-8.8-1.1 as a component of openSUSE Tumbleweed pgadmin4-cloud-8.8-1.1 as a component of openSUSE Tumbleweed pgadmin4-desktop-8.8-1.1 as a component of openSUSE Tumbleweed pgadmin4-doc-8.8-1.1 as a component of openSUSE Tumbleweed pgadmin4-web-uwsgi-8.8-1.1 as a component of openSUSE Tumbleweed system-user-pgadmin-8.8-1.1 as a component of openSUSE Tumbleweed pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status. CVE-2024-4215 openSUSE Tumbleweed:pgadmin4-8.8-1.1 openSUSE Tumbleweed:pgadmin4-cloud-8.8-1.1 openSUSE Tumbleweed:pgadmin4-desktop-8.8-1.1 openSUSE Tumbleweed:pgadmin4-doc-8.8-1.1 openSUSE Tumbleweed:pgadmin4-web-uwsgi-8.8-1.1 openSUSE Tumbleweed:system-user-pgadmin-8.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-4215.html CVE-2024-4215 https://bugzilla.suse.com/1223867 SUSE Bug 1223867 pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end. CVE-2024-4216 openSUSE Tumbleweed:pgadmin4-8.8-1.1 openSUSE Tumbleweed:pgadmin4-cloud-8.8-1.1 openSUSE Tumbleweed:pgadmin4-desktop-8.8-1.1 openSUSE Tumbleweed:pgadmin4-doc-8.8-1.1 openSUSE Tumbleweed:pgadmin4-web-uwsgi-8.8-1.1 openSUSE Tumbleweed:system-user-pgadmin-8.8-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-4216.html CVE-2024-4216 https://bugzilla.suse.com/1223868 SUSE Bug 1223868