Описание
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 2.1 | Django14 | Affected | ||
| Red Hat Subscription Asset Manager | Django | Affected | ||
| RHOS Essex Release | Django | Affected | ||
| OpenStack Folsom for RHEL 6 | Django14 | Fixed | RHSA-2013:0670 | 21.03.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ...
EPSS
4 Medium
CVSS2