exploitDog

CVE-2019-10682

Опубликовано: 18 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

django-nopassword before 5.0.0 stores cleartext secrets in the database.

Ссылки

https://github.com/relekang/django-nopassword/blob/8e8cfc765ee00adfed120c2c79bf71ef856e9022/nopassword/models.py#L14
Third Party Advisory
https://github.com/relekang/django-nopassword/commit/d8b4615f5fbfe3997d96cf4cb3e342406396193c
Patch
Third Party Advisory
https://github.com/relekang/django-nopassword/compare/v4.0.1...v5.0.0
Third Party Advisory
https://github.com/relekang/django-nopassword/blob/8e8cfc765ee00adfed120c2c79bf71ef856e9022/nopassword/models.py#L14
Third Party Advisory
https://github.com/relekang/django-nopassword/commit/d8b4615f5fbfe3997d96cf4cb3e342406396193c
Patch
Third Party Advisory
https://github.com/relekang/django-nopassword/compare/v4.0.1...v5.0.0
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:django-nopassword_project:django-nopassword:*:*:*:*:*:*:*:*

Версия до 5.0.0 (исключая)

EPSS

Процентиль: 44%

0.00218

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-37cf-r3w2-gjfw

CVSS3: 7.5

github

больше 5 лет назад

django-nopassword stores secrets in cleartext

EPSS

Процентиль: 44%

0.00218

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-312