CVE-2016-9013

Опубликовано: 01 нояб. 2016

Источник: redhat

CVSS3: 7.4

CVSS2: 4

Описание

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 1.3	Django	Not affected
Red Hat Ceph Storage 2	python-django	Not affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	python-django	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	python-django	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	python-django	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools	python-django	Not affected
Red Hat OpenStack Platform 10 (Newton)	python-django	Not affected
Red Hat OpenStack Platform 10 (Newton) Operational Tools	python-django	Not affected
Red Hat OpenStack Platform 8 (Liberty)	python-django	Not affected
Red Hat OpenStack Platform 8 (Liberty) Operational Tools	python-django	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-798

https://bugzilla.redhat.com/show_bug.cgi?id=1389414python-django: user with hardcoded password created when running tests on Oracle

7.4 High

CVSS3

4 Medium

CVSS2

Связанные уязвимости

CVE-2016-9013

CVSS3: 9.8

ubuntu

больше 8 лет назад

CVE-2016-9013

CVSS3: 9.8

nvd

больше 8 лет назад

CVE-2016-9013

CVSS3: 9.8

debian

больше 8 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...

GHSA-mv8g-fhh6-6267

CVSS3: 9.8

github

около 3 лет назад

Django user with hardcoded password created when running tests on Oracle

openSUSE-SU-2018:0826-1

suse-cvrf

около 7 лет назад

Security update for python-Django

7.4 High

CVSS3

4 Medium

CVSS2