CVE-2023-1907

HIGH 8.0

Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

CVSS Score

8.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.

CWE	CWE-488
Published	Jan 9, 2025
Last Updated	Aug 27, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-1907 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2218384