CVE-2014-0483

🗓️ 26 Aug 2014 14:00:00Reported by debianType

cve

cve🔗 web.nvd.nist.gov👁 95 Views🌐 WEB

Django admin interface vulnerability allows info disclosure

Reporter	Title	Published	Views	Family All 65
FreeBSD	django -- multiple vulnerabilities	20 Aug 201400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Django affect IBM SmartCloud Provisioning shipped with IBM SmartCloud Orchestrator (CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483).	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Django affect SmartCloud Provisioning (CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483)	17 Jun 201822:30	–	ibm
Cvelist	CVE-2014-0483	26 Aug 201414:00	–	cvelist
Debian	[SECURITY] [DLA 65-1] python-django security update	29 Sep 201408:20	–	debian
Debian	[SECURITY] [DSA 3010-1] python-django security update	22 Aug 201420:52	–	debian
Debian	[SECURITY] [DSA 3010-1] python-django security update	22 Aug 201420:52	–	debian
Debian CVE	CVE-2014-0483	26 Aug 201414:00	–	debiancve
Tenable Nessus	Debian DLA-65-1 : python-django security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-3010-1 : python-django - security update	23 Aug 201400:00	–	nessus

NVD

Node

opensuse opensuseMatch12.3

OR

opensuse opensuseMatch13.1

Node

djangoproject djangoMatch1.5

OR

djangoproject djangoMatch1.5alpha

OR

djangoproject djangoMatch1.5beta

OR

djangoproject djangoMatch1.5.1

OR

djangoproject djangoMatch1.5.2

OR

djangoproject djangoMatch1.5.3

OR

djangoproject djangoMatch1.5.4

OR

djangoproject djangoMatch1.5.5

OR

djangoproject djangoMatch1.5.6

OR

djangoproject djangoMatch1.5.7

OR

djangoproject djangoMatch1.5.8

Node

djangoproject djangoMatch1.6-

OR

djangoproject djangoMatch1.6beta1

OR

djangoproject djangoMatch1.6beta2

OR

djangoproject djangoMatch1.6beta3

OR

djangoproject djangoMatch1.6beta4

OR

djangoproject djangoMatch1.6.1

OR

djangoproject djangoMatch1.6.2

OR

djangoproject djangoMatch1.6.3

OR

djangoproject djangoMatch1.6.4

OR

djangoproject djangoMatch1.6.5

Node

djangoproject djangoRange≤1.4.13

OR

djangoproject djangoMatch1.4

OR

djangoproject djangoMatch1.4.1

OR

djangoproject djangoMatch1.4.2

OR

djangoproject djangoMatch1.4.4

OR

djangoproject djangoMatch1.4.5

OR

djangoproject djangoMatch1.4.6

OR

djangoproject djangoMatch1.4.7

OR

djangoproject djangoMatch1.4.8

OR

djangoproject djangoMatch1.4.9

OR

djangoproject djangoMatch1.4.10

OR

djangoproject djangoMatch1.4.11

OR

djangoproject djangoMatch1.4.12

Node

djangoproject djangoMatch1.7beta1

OR

djangoproject djangoMatch1.7beta2

OR

djangoproject djangoMatch1.7beta3

OR

djangoproject djangoMatch1.7beta4

OR

djangoproject djangoMatch1.7rc1

OR

djangoproject djangoMatch1.7rc2

Source	Link
debian	www.debian.org/security/2014/dsa-3010
djangoproject	www.djangoproject.com/weblog/2014/aug/20/security/
secunia	www.secunia.com/advisories/59782
secunia	www.secunia.com/advisories/61281
secunia	www.secunia.com/advisories/61276
lists	www.lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
github	www.github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6

Parameter	Position	Path	Description	CWE
pop	query param	/admin/auth/user/	Popup action in Django admin could disclose information via to_field parameter in an admin change form page (exposed by /admin/auth/user/?pop=1&t=password).	CWE-264
t	query param	/admin/auth/user/	Popup action in Django admin could disclose information via to_field parameter in an admin change form page (exposed by /admin/auth/user/?pop=1&t=password).	CWE-264

06 May 2026 22:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 23.5

EPSS0.00428

django admin interface vulnerability info disclosure cve-2014-0483 nvd