Описание
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
A flaw was found in Django where it did not sanitize the email input from the password recovery form. An attacker with the knowledge of the victim user’s email address could use this flaw to reset the victim user’s password and retrieve the reset link to gain access and take over their account.
Отчет
This flaw depends upon the use of Django's password reset functionality. The following products ship the flawed code but do not use this functionality:
- Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3
- Red Hat Gluster Storage 3
- Red Hat Certified Cloud and Service Provider Certification 1
- Red Hat OpenStack Platform, all versions. No updates will be provided at this time for the RHOSP django package.
- Red Hat Satellite 6, all versions
- Red Hat Update Infrastructure 3
Меры по смягчению последствий
Unless the password-reset form is disabled, this flaw can only be resolved by applying updates.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | calamari-server | Will not fix | ||
| Red Hat Ceph Storage 2 | python-django | Affected | ||
| Red Hat Ceph Storage 3 | python-django | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 14 (Rocky) | python-django | Out of support scope | ||
| Red Hat OpenStack Platform 15 (Stein) | python-django | Will not fix | ||
| Red Hat OpenStack Platform 16 (Train) | python-django | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...
Django Potential account hijack via password reset form
Уязвимость фреймворка для веб-приложений Django, связанная с ошибкой в работе механизма восстановления паролей, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
9.8 Critical
CVSS3