9 matches found
CVE-2024-35228
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...
CVE-2024-35228
CVE-2024-35228 affects Wagtail (Django-based CMS) via an improperly applied permission check in the wagtail.contrib.settings module. A user with access to the Wagtail admin and knowledge of the edit view URL can access and update the setting even without model permissions. The vulnerability is no...
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...
CVE-2024-35228 Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...
Authorization Bypass
Wagtail is vulnerable to Authorization Bypass. The vulnerability is due to inadequate checks in the ModelViewSet and wagtail.contrib.settings modules, allowing users with general edit permissions to update fields they are otherwise restricted from accessing via crafted HTTP POST requests...
CVE-2024-32882
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more...
CVE-2024-32882 Permission check bypass when editing a model with per-field restrictions in wagtail
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more...
CVE-2024-32882 Permission check bypass when editing a model with per-field restrictions in wagtail
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more...
Wagtail Security Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Wagtail versions 6.0 through 6.0.2 that allows an attacker to bypass privilege checking via wagtail.contrib.settings, ModelViewSet...