Description
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-django | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-django | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | python-django | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | python-django | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) Operational Tools | python-django | Not affected | | |
| Red Hat OpenStack Platform 11 (Ocata) | python-django | Not affected | | |
| Red Hat OpenStack Platform 12 (Pike) | python-django | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | python-django | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | python-django | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=1484978 Django: CSRF around publishing of draft changes
EPSS
Percentile: 41%
0.00196
Low
4.7 Medium
CVSS3
Related vulnerabilities
CVSS3: 8.8
nvd
more than 8 years ago
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
CVSS3: 8.8
debian
more than 8 years ago
Cross-site request forgery (CSRF) vulnerability in django CMS before 3 ...