Lucene search
K

6 matches found

BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.6 views

The vulnerability of the confirm_login_allowed() method in the Django web application framework, related to the disclosure of information that allows attackers to access confidential data

The vulnerability of the confirmloginallowed method in the Django web application framework relates to the exposure of sensitive information. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data remotely...

7.8CVSS6.4AI score0.04897EPSS
Exploits0References6Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.4 views

SUSE CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS7.6AI score0.04897EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.3 views

django: Information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS7.2AI score0.04897EPSS
Exploits0References5
OSV
OSV
added 2018/10/03 9:13 p.m.4 views

GHSA-RF4J-J272-FJ86 Django vulnerable to information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

8.7CVSS6.8AI score0.04897EPSS
Exploits0References9
OSV
OSV
added 2018/02/05 3:29 a.m.2 views

PYSEC-2018-4

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS6.8AI score0.04897EPSS
Exploits0References4
OSV
OSV
added 2018/02/05 3:29 a.m.2 views

ALPINE-CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...

7.5CVSS6.6AI score0.04897EPSS
Exploits0References1
Rows per page
Query Builder