pgAdmin Cross-Origin Opener Policy Vulnerability in OAuth Flow

Vulnerability

A Cross-Origin Opener Policy (COOP) vulnerability has been identified in pgAdmin versions through 9.7. This issue allows attackers to manipulate the OAuth authentication process, potentially leading to unauthorized access to user accounts, account takeovers, data breaches, and privilege escalation. The vulnerability arises from a lack of proper COOP implementation, enabling malicious windows to control the login flow and intercept OAuth tokens, including those with email access, which can be exploited for further account compromise.

Impact

Exploitation of this vulnerability could result in unauthorized account access, allowing attackers to take over user accounts, access sensitive data such as emails, and escalate privileges by leveraging intercepted OAuth tokens with mail scope permissions.

Reproduction

To reproduce this vulnerability, initiate the OAuth authentication flow in pgAdmin 9.7 or earlier. A malicious parent window can then open the login page in the same browser tab and manipulate the OAuth flow by redirecting it to a controlled endpoint. This interception can be done by monitoring the navigation changes and detecting when the user is prompted to sign in with an OAuth provider. Once the flow is redirected and the user unknowingly authorizes the attacker's OAuth client, the attacker can obtain an access token with mail scope, allowing access to the user's emails and facilitating a complete account takeover via password reset.

Remediation

Update to pgAdmin version 9.8 or later, where this vulnerability has been fixed.
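The cause described above is a login page served without an isolating Cross-Origin-Opener-Policy, which leaves a cross-origin opener window able to keep a handle on it. The following is an added example, not pgAdmin's code or its actual fix: a WSGI middleware (pgAdmin is a Flask/WSGI application, so this is the layer such a header lives at) that puts `Cross-Origin-Opener-Policy: same-origin` on every response, replaces a weak `unsafe-none` value if one slips through, and an audit helper that classifies a captured response as missing, weak or isolated. The `login_page_app` handler and the request environ are constructed stand-ins.

```python
"""Added example (not pgAdmin's own code): COOP header middleware plus audit.

COOP `same-origin` (or `same-origin-allow-popups`) severs the browsing-context
group between a document and a cross-origin opener, so the opener's
`window.opener` handle to the login page is cut. The app, paths and environ
below are hypothetical stand-ins used only to exercise the middleware.
"""

from typing import Callable, List, Tuple

Headers = List[Tuple[str, str]]

COOP = "Cross-Origin-Opener-Policy"

# Values that isolate the document from a cross-origin opener window.
ISOLATING_VALUES = {"same-origin", "same-origin-allow-popups"}


def coop_middleware(app: Callable, policy: str = "same-origin") -> Callable:
    """Wrap a WSGI app so every response carries an isolating COOP header.

    An isolating value the app already set is kept (a page may legitimately
    choose `same-origin-allow-popups`); a weak value such as `unsafe-none`
    is dropped and replaced by `policy`.
    """
    if policy not in ISOLATING_VALUES:
        raise ValueError(f"refusing non-isolating COOP value: {policy!r}")

    def wrapped(environ, start_response):
        def patched_start_response(status, headers: Headers, exc_info=None):
            kept: Headers = []
            for name, value in headers:
                if name.lower() == COOP.lower():
                    if value.strip().lower() in ISOLATING_VALUES:
                        kept.append((name, value))  # app chose an isolating value
                    continue  # drop a weak value; replaced below
                kept.append((name, value))
            if not any(n.lower() == COOP.lower() for n, _ in kept):
                kept.append((COOP, policy))
            return start_response(status, kept, exc_info)

        return app(environ, patched_start_response)

    return wrapped


def audit_coop(headers: Headers) -> str:
    """Classify a response's COOP posture: 'missing', 'weak' or 'isolated'."""
    values = [v for n, v in headers if n.lower() == COOP.lower()]
    if not values:
        return "missing"
    # First occurrence wins; ignore any ';'-separated parameters.
    value = values[0].split(";", 1)[0].strip().lower()
    return "isolated" if value in ISOLATING_VALUES else "weak"


def run_request(app: Callable, path: str = "/login") -> Tuple[str, Headers, bytes]:
    """Invoke a WSGI app with a minimal constructed environ and capture the response."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "wsgi.url_scheme": "https"}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def login_page_app(environ, start_response):
    """Hypothetical login page handler that sets no COOP header (constructed)."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<html><body>Sign in with your OAuth provider</body></html>"]


def weak_login_page_app(environ, start_response):
    """Hypothetical handler that explicitly opts out of isolation (constructed)."""
    start_response("200 OK", [("Content-Type", "text/html"), (COOP, "unsafe-none")])
    return [b"<html><body>Sign in</body></html>"]


if __name__ == "__main__":
    _, bare, _ = run_request(login_page_app)
    _, hardened, _ = run_request(coop_middleware(login_page_app))
    _, fixed_weak, _ = run_request(coop_middleware(weak_login_page_app))
    print("before:     ", audit_coop(bare))        # missing
    print("after:      ", audit_coop(hardened))    # isolated
    print("weak->fixed:", audit_coop(fixed_weak))  # isolated
```

The audit helper is the useful half for verification: point `run_request` (or a real HTTP client) at the login and OAuth callback responses of a deployment and confirm each reports `isolated`; a `missing` or `weak` result on those pages means a cross-origin opener can still retain its handle.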

Added: Sep 4, 2025, 5:35 PM
Updated: Sep 4, 2025, 7:11 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.