CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.002 Low (Percentile: 54.5%)

Django Release notes:

CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+

On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command.

CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+

On Python 3.7+, the intermediate-level directories of the file system cache had the system’s standard umask rather than 0o077 (no group or others permissions).
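
The behaviour behind both CVEs, as an added example that is not Django's own code: on Python 3.7+ `os.makedirs` applies `mode` only to the last path component, so any parent it creates falls back to the process umask. The helper names, the 0o022 umask, the 0o700 target mode and the temporary tree are constructed for illustration; narrowing the umask around the call is one way to make every level match.

```python
import os
import stat
import tempfile


def makedirs_leaf_only(path, mode):
    # Python 3.7+: `mode` reaches only the last component; every parent
    # that has to be created gets 0o777 masked by the process umask.
    os.makedirs(path, mode, exist_ok=True)


def makedirs_all_levels(path, mode):
    # Narrow the umask for the duration of the call so that newly created
    # parents end up with `mode` as well, then restore the previous umask.
    old_umask = os.umask(0o777 & ~mode)
    try:
        os.makedirs(path, mode, exist_ok=True)
    finally:
        os.umask(old_umask)


def audit_tree(root, allowed_mode):
    """List (relative path, mode) for directories with bits outside allowed_mode."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(full).st_mode)
            if mode & ~allowed_mode:
                findings.append((os.path.relpath(full, root), oct(mode)))
    return sorted(findings)


def demo():
    previous = os.umask(0o022)  # constructed: a common default umask
    try:
        with tempfile.TemporaryDirectory() as root:  # constructed sample tree
            makedirs_leaf_only(os.path.join(root, "weak", "a", "b"), 0o700)
            makedirs_all_levels(os.path.join(root, "fixed", "a", "b"), 0o700)
            return audit_tree(root, 0o700)
    finally:
        os.umask(previous)


if __name__ == "__main__":
    print(demo())
```

`audit_tree` can also be pointed at an existing upload, static or cache directory to find intermediate directories left over from before an upgrade. `os.umask` is process-wide, so the wrapped variant also affects files other threads create while the call is in progress.
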

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py35-django22 | < 2.2.16 | UNKNOWN |
FreeBSD | any | noarch | py36-django22 | < 2.2.16 | UNKNOWN |
FreeBSD | any | noarch | py37-django22 | < 2.2.16 | UNKNOWN |
FreeBSD | any | noarch | py38-django22 | < 2.2.16 | UNKNOWN |
FreeBSD | any | noarch | py36-django30 | < 3.0.10 | UNKNOWN |
FreeBSD | any | noarch | py37-django30 | < 3.0.10 | UNKNOWN |
FreeBSD | any | noarch | py38-django30 | < 3.0.10 | UNKNOWN |
FreeBSD | any | noarch | py36-django31 | < 3.1.1 | UNKNOWN |
FreeBSD | any | noarch | py37-django31 | < 3.1.1 | UNKNOWN |
FreeBSD | any | noarch | py38-django31 | < 3.1.1 | UNKNOWN |