Lucene search

K

GoogleOSV:GHSA-89HJ-XFX5-7Q66

HistoryMay 17, 2022 - 3:07 a.m.

Django Reuses Cached CSRF Token

2022-05-1703:07:04

Google

osv.dev

6

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

CPENameOperatorVersion
djangoeq1.2.4
djangoeq1.4.10
djangoeq1.0.2
djangoeq1.3.7
djangoeq1.4.4
djangoeq1.4
djangoeq1.4.5
djangoeq1.0.3
djangoeq1.2.7
djangoeq1.3.6

Rows per page:

1-10 of 451

References

lists.opensuse.org/opensuse-updates/2014-09/msg00023.html

rhn.redhat.com/errata/RHSA-2014-0456.html

rhn.redhat.com/errata/RHSA-2014-0457.html

www.debian.org/security/2014/dsa-2934

www.ubuntu.com/usn/USN-2169-1

github.com/django/django

nvd.nist.gov/vuln/detail/CVE-2014-0473

www.djangoproject.com/weblog/2014/apr/21/security

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

Related for OSV:GHSA-89HJ-XFX5-7Q66

gitlab1 ubuntucve1 github1 osv2 cvelist1 prion1 debiancve1 cve1 nessus12 openvas27 fedora15 mageia1 redhat2 ubuntu2 freebsd1 ibm1 gentoo1 debian2 securityvulns1