PYSEC-2011-8

🗓️ 10 Jan 2011 20:00:00Reported by Python Packaging AdvisoryType

pypa

pypa🔗 github.com👁 4 Views

Django admin vulnerability lets remote authenticated users leak data via created_by__password__regex.

Reporter	Title	Published	Views	Family All 29
CVE	CVE-2010-4534	10 Jan 201119:18	–	cve
Cvelist	CVE-2010-4534	10 Jan 201119:18	–	cvelist
Debian CVE	CVE-2010-4534	10 Jan 201119:18	–	debiancve
EUVD	EUVD-2011-0011	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 14 Update: Django-1.2.4-1.fc14	13 Jan 201123:34	–	fedora
Fedora	[SECURITY] Fedora 13 Update: Django-1.2.4-1.fc13	13 Jan 201123:28	–	fedora
Tenable Nessus	Fedora 13 : Django-1.2.4-1.fc13 (2011-0096)	14 Jan 201100:00	–	nessus
Tenable Nessus	Fedora 14 : Django-1.2.4-1.fc14 (2011-0120)	14 Jan 201100:00	–	nessus
Tenable Nessus	FreeBSD : django -- multiple vulnerabilities (14a37474-1383-11e0-8a58-00215c6a37bb)	30 Dec 201000:00	–	nessus
Tenable Nessus	Ubuntu 9.10 / 10.04 LTS / 10.10 : python-django vulnerabilities (USN-1040-1)	7 Jan 201100:00	–	nessus

Vulners

Node

pypi djangoRange1.2–1.2.4

Source	Link
archives	www.archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html
evilpacket	www.evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac/
code	www.code.djangoproject.com/changeset/15031
ngenuity-is	www.ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
secunia	www.secunia.com/advisories/42715
djangoproject	www.djangoproject.com/weblog/2010/dec/22/security/
openwall	www.openwall.com/lists/oss-security/2010/12/23/4
openwall	www.openwall.com/lists/oss-security/2011/01/03/5
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html

15 Jul 2021 02:22Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

EPSS0.01697

django admin regular expressions password leakage remote authenticated users query filtering sensitive data