Lucene search
Ubuntu.comUB:CVE-2024-45231HistorySep 03, 2024 - 12:00 a.m.
CVE-2024-45231
2024-09-0300:00:00
ubuntu.com
ubuntu.com
2
email sending failures
remote attackers
password reset requests
user emails enumeration
exceptions handling
logging.
AI Score
7.5
Confidence
Low
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email sending
are now handled and logged using the “django.contrib.auth” logger.
Notes
| Author | Note |
|---|---|
| Priority reason: Only allows enumeration of user emails via brute-force approach. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | python-django | < 1:1.11.11-1ubuntu1.21+esm7 | UNKNOWN |
| ubuntu | 20.04 | noarch | python-django | < 2:2.2.12-1ubuntu0.25 | UNKNOWN |
| ubuntu | 22.04 | noarch | python-django | < 2:3.2.12-2ubuntu1.14 | UNKNOWN |
| ubuntu | 24.04 | noarch | python-django | < 3:4.2.11-1ubuntu1.3 | UNKNOWN |
| ubuntu | 14.04 | noarch | python-django | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | python-django | < any | UNKNOWN |
Related
debiancve
debiancve
CVE-2024-45231
2024-09-03 23:20:49
nessus
nessus
osv
osv
python310-Django4-4.2.16-1.1 on GA media
2024-09-04 00:00:00
python-django vulnerabilities
2024-09-03 16:36:41
Security update for python-Django
2024-09-06 10:16:42
openvas
openvas
Ubuntu: Security Advisory (USN-6987-1)
2024-09-04 00:00:00
Django 4.x < 4.2.16, 5.0.x < 5.0.9, 5.1.x < 5.1.1 Multiple Vulnerabilities - Windows
2024-09-05 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2024:3161-1)
2024-09-07 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2024-09-03 00:00:00