CVSS2: 4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Django is vulnerable to information disclosure through escalation of privileges. The admin interface does not check user permissions correctly for viewing object history.

CPE

Name | Operator | Version |
---|---|---|
django14 | eq | 1.4.2__2.el6 |

rhn.redhat.com/errata/RHSA-2013-0670.html
ubuntu.com/usn/usn-1757-1
www.debian.org/security/2013/dsa-2634
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=913037
bugzilla.redhat.com/show_bug.cgi?id=913039
www.djangoproject.com/weblog/2013/feb/19/security/