Resource management error in pgAdmin - CVE-2023-1907

 


Published: April 18, 2025


Vulnerability identifier: #VU107607
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-1907
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PlanGenius Admin
Affected software: pgAdmin

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges within the application.

The vulnerability exists due to improper management of internal resources within the application. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.


How to mitigate CVE-2023-1907

Install updates from the vendor's website.
