CERT-FR has reported multiple vulnerabilities in pgAdmin, the administration tool for PostgreSQL, which allow a remote attacker to carry out cross-site scripting (XSS) attacks (script injection into the application's web interface, not code execution on the server) and to bypass security restrictions. These vulnerabilities affect pgAdmin 4 versions prior to 8.6.
To address these issues, users should upgrade to pgAdmin 4 version 8.6 or later, following the security bulletin published by the vendor. Two CVE identifiers are associated with these vulnerabilities: CVE-2024-4215 and CVE-2024-4216. The full advisory and related links are available on the CERT-FR website; systems running an affected version of pgAdmin should be updated promptly. https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0361/
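To decide quickly which installations still need the update, the following added example (not part of the CERT-FR advisory or of pgAdmin itself) compares pgAdmin 4 version strings against the first fixed release, 8.6, numerically rather than as text, since pgAdmin minor numbers go past 9 ("8.10" is newer than "8.6", although a plain string comparison says otherwise). The inventory lines it scans are constructed for the example and assume a simple "hostname pgadmin4==X.Y" format, the package name being the one pgAdmin publishes on PyPI.

```python
import re
from typing import List, Optional, Tuple

# First release that is no longer affected according to CERTFR-2024-AVI-0361.
FIXED_VERSION: Tuple[int, int] = (8, 6)

# pgAdmin 4 versions look like "8.5" or "8.6"; a third component is tolerated
# so that strings such as "8.6.0" from other inventories still parse.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Parse a pgAdmin 4 version string into (major, minor, patch) integers.

    Returns None when the string does not start with "major.minor".
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        return None
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: str) -> bool:
    """True when the version is older than the first fixed release (8.6).

    Comparison is done on integer tuples so that 8.10 sorts after 8.6.
    """
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised pgAdmin version: {version!r}")
    return parsed[:2] < FIXED_VERSION


# Constructed sample inventory (hypothetical hosts, not real data).
# Format assumed: "<hostname> <package>==<version>", one entry per line.
SAMPLE_INVENTORY = """\
db-admin-01 pgadmin4==8.4
db-admin-02 pgadmin4==8.6
db-admin-03 pgadmin4==8.5
db-admin-04 psycopg2==2.9.9
db-admin-05 pgadmin4==8.10
"""

_INVENTORY_RE = re.compile(r"^(\S+)\s+pgadmin4==(\S+)\s*$")


def affected_hosts(inventory: str) -> List[str]:
    """Return the hosts whose pgAdmin 4 package is still at an affected version.

    Lines for other packages are ignored; unparsable pgAdmin versions are
    reported as affected so that they get looked at rather than silently skipped.
    """
    hosts = []
    for line in inventory.splitlines():
        match = _INVENTORY_RE.match(line)
        if not match:
            continue
        host, version = match.group(1), match.group(2)
        try:
            if is_affected(version):
                hosts.append(host)
        except ValueError:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: pgAdmin 4 older than 8.6, apply the vendor update")
```

The script only reasons about the version number; it does not check whether the vendor's fix was backported by a distribution package, so for distro-packaged installs the changelog of that package is the authority.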