Lucene search
HistoryJan 23, 2007 - 12:28 a.m.
CVE-2007-0405
cve-2007-0405
lazyuser class
authenticationmiddleware
django 0.95
user privileges
nvd
6.7 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.5%
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django_project:django | django project django | eq | 0.95 |
Related
ubuntucve
ubuntucve
CVE-2007-0405
2007-01-23 00:00:00
cvelist
cvelist
CVE-2007-0405
2007-01-23 00:00:00
debiancve
debiancve
CVE-2007-0405
2007-01-23 00:28:00
github
github
Django Improper Access Control
2022-05-01 17:44:04
prion
prion
Authentication flaw
2007-01-23 00:28:00
securityvulns
securityvulns
6.7 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.5%
Related for CVE-2007-0405