Описание
askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2.
Пакеты
Наименование
askbot
pip
Затронутые версииВерсия исправления
< 0.12.3
0.12.3
Связанные уязвимости
nvd
11 дней назад
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.