CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
Django is vulnerable to privilege escalation. A user who has view-only permissions on a parent model and edit permissions on an inline model can cause the parent model's pre-save and post-save signal handlers to be executed by triggering the parent model's save() method.
www.openwall.com/lists/oss-security/2019/12/02/1
docs.djangoproject.com/en/dev/releases/2.1.15
docs.djangoproject.com/en/dev/releases/2.2.8
docs.djangoproject.com/en/dev/releases/security/
github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
lists.fedoraproject.org/archives/list/[email protected]/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
security.gentoo.org/glsa/202004-17
security.netapp.com/advisory/ntap-20191217-0003/
www.djangoproject.com/weblog/2019/dec/02/security-releases/