CVSS v3.1: 4.9 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2: 4.0 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Django is vulnerable to directory traversal in django.contrib.admindocs (CVE-2021-33203). Because the requested template name is joined to the configured template directories without any path sanitisation, any authenticated staff member can use the admindocs TemplateDetailView view to probe for the existence of arbitrary files on the server, including files outside the template directories. The default admindocs templates only reveal whether a file exists; if application developers have customized those templates to also display template contents, the contents of arbitrary files are exposed as well. The issue is fixed in Django 3.2.4, 3.1.12 and 2.2.24, which reject template names that resolve outside the template directories.
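The following is an added, stand-alone illustration of the bug class described above; it is not Django's code and does not import Django. It reproduces the unsafe pattern (joining an untrusted template name onto a template directory and calling exists()) next to a hardened lookup that resolves the candidate path and rejects anything that escapes the base directory, the same containment idea the fix applies with Django's safe_join. The directory layout, the file names and the "secret.txt" target are constructed for the demo.

```python
import tempfile
from pathlib import Path


def vulnerable_template_exists(directories, template):
    """Pre-fix pattern: join the user-supplied template name onto each
    template directory and report whether the result exists.

    Path(directory) / template silently escapes the directory for
    '../' names and is *replaced* entirely by an absolute template name,
    so this answers "does file X exist?" for any X on the filesystem.
    (If a site's customized admindocs template also rendered the file
    body, this same lookup would leak contents, not just existence.)
    """
    for directory in directories:
        if (Path(directory) / template).exists():
            return True
    return False


def safe_join(base, *paths):
    """Containment check modelled on the safe_join idea (illustrative,
    not Django's implementation): resolve the candidate path and require
    it to be the base directory or one of its descendants."""
    base_path = Path(base).resolve()
    candidate = base_path.joinpath(*paths).resolve()
    if candidate != base_path and base_path not in candidate.parents:
        raise ValueError(f"{candidate} is outside {base_path}")
    return candidate


def hardened_template_exists(directories, template):
    """Post-fix pattern: a template name that resolves outside every
    configured directory is treated as not found rather than probed."""
    for directory in directories:
        try:
            candidate = safe_join(directory, template)
        except ValueError:
            # Not within this template directory; try the next one.
            continue
        if candidate.exists():
            return True
    return False


def demo():
    """Build a constructed layout and compare both lookups on three probes.

    Returns {label: (vulnerable_result, hardened_result)}.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        templates = root / "templates"          # the configured template dir
        templates.mkdir()
        (templates / "index.html").write_text("<h1>constructed</h1>")
        secret = root / "secret.txt"            # a file outside the template dir
        secret.write_text("constructed secret")

        dirs = [str(templates)]
        probes = {
            "legitimate": "index.html",          # a real template
            "relative_traversal": "../secret.txt",  # escapes via '..'
            "absolute_path": str(secret),        # absolute name replaces the base
        }
        return {
            label: (vulnerable_template_exists(dirs, name),
                    hardened_template_exists(dirs, name))
            for label, name in probes.items()
        }


if __name__ == "__main__":
    for label, (vuln, hard) in demo().items():
        print(f"{label:20s} vulnerable={vuln!s:5s} hardened={hard}")
```

The legitimate template is found by both lookups; the two traversal probes are confirmed to exist by the vulnerable lookup and rejected by the hardened one. Note that the absolute-path case is not a '..' problem at all: pathlib's join discards the base when the right-hand operand is absolute, which is why a containment check on the resolved path, rather than a filter on '..' substrings, is the right fix.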
docs.djangoproject.com/en/3.2/releases/security/
github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90
github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f
github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
security.netapp.com/advisory/ntap-20210727-0004/
www.djangoproject.com/weblog/2021/jun/02/security-releases