Lucene search
GitHub Advisory DatabaseGHSA-RF4J-J272-FJ86HistoryOct 03, 2018 - 9:13 p.m.
Django Information leakage in AuthenticationForm
2018-10-0321:13:54
CWE-200
GitHub Advisory Database
github.com
20
0.002 Low
EPSS
Percentile
57.5%
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
References
www.securitytracker.com/id/1040422
github.com/advisories/GHSA-rf4j-j272-fj86
github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae
github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2
nvd.nist.gov/vuln/detail/CVE-2018-6188
usn.ubuntu.com/3559-1
www.djangoproject.com/weblog/2018/feb/01/security-releases
Related
osv
osv
Django Information leakage in AuthenticationForm
2018-10-03 21:13:54
PYSEC-2018-4
2018-02-05 03:29:00
CVE-2018-6188
2018-02-05 03:29:00
nessus
nessus
Fedora 27 : python-django (2018-2c612c6d92)
2018-02-15 00:00:00
RHEL 8 : django (Unpatched Vulnerability)
2024-05-11 00:00:00
prion
prion
Input validation
2018-02-05 03:29:00
cve
cve
CVE-2018-6188
2018-02-05 03:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: python-django-1.11.10-1.fc27
2018-02-14 17:33:50
redhatcve
redhatcve
CVE-2018-6188
2018-02-05 13:49:45
cvelist
cvelist
CVE-2018-6188
2018-02-05 03:00:00
ubuntucve
ubuntucve
CVE-2018-6188
2018-02-04 00:00:00
veracode
veracode
Information Leakage
2018-02-02 05:13:33
debiancve
debiancve
CVE-2018-6188
2018-02-05 03:29:00
alpinelinux
alpinelinux
CVE-2018-6188
2018-02-05 03:29:00
openvas
openvas
Fedora Update for python-django FEDORA-2018-2c612c6d92
2018-02-15 00:00:00
Ubuntu: Security Advisory (USN-3559-1)
2018-10-26 00:00:00
freebsd
freebsd
Django -- information leakage
2018-02-01 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2018-02-07 00:00:00
altlinux
altlinux
redhat
redhat