exploitDog
CVE-2020-13254

Published: 03 Jun 2020
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

A flaw was found in Django: the memcached cache backend did not validate cache keys before sending them to memcached, so malformed keys (for example keys containing spaces or control characters, or longer than memcached's 250-byte limit) were passed through as-is. Such keys can be mangled or collide with other keys, so one cache entry can be read back under another key, leading to potential data leakage. The highest threat from this vulnerability is to confidentiality.
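The following is an added example, not code from this page or from the Django project. It reimplements the key checks Django applies to memcached keys (maximum length 250 characters, only printable ASCII 33..126), shows the pre-fix behaviour (warn only) beside the fixed behaviour (reject with an exception), and uses a constructed in-memory stand-in for a backend that silently normalises keys to illustrate how two distinct malformed keys end up sharing one slot. The `LossyCache` class and its truncate-and-strip normalisation are assumptions made for the demonstration; they are not how memcached itself behaves.

```python
import re
import warnings

# Same limit Django enforces for memcached keys.
MEMCACHE_MAX_KEY_LENGTH = 250


class InvalidCacheKey(ValueError):
    """Raised for keys memcached cannot store safely (the fixed behaviour)."""


def memcache_key_warnings(key):
    """Yield a message for each reason `key` is unsafe for memcached.

    Mirrors the two checks Django performs: overall length above 250 and any
    character outside the printable ASCII range 33..126 (spaces, control
    characters, DEL and non-ASCII all fail the second check).
    """
    if len(key) > MEMCACHE_MAX_KEY_LENGTH:
        yield (
            "Cache key will cause errors if used with memcached: %r "
            "(longer than %s)" % (key, MEMCACHE_MAX_KEY_LENGTH)
        )
    if any(ord(ch) < 33 or ord(ch) == 127 for ch in key):
        yield (
            "Cache key contains characters that will cause errors if "
            "used with memcached: %r" % key
        )


def validate_key_warn_only(key):
    """Pre-fix behaviour: emit a CacheKeyWarning and let the key through."""
    for msg in memcache_key_warnings(key):
        warnings.warn(msg, category=UserWarning)
    return key


def validate_key(key):
    """Fixed behaviour: reject the key instead of merely warning."""
    for msg in memcache_key_warnings(key):
        raise InvalidCacheKey(msg)
    return key


def is_valid_key(key):
    """Boolean wrapper around validate_key, convenient for checks and tests."""
    try:
        validate_key(key)
    except InvalidCacheKey:
        return False
    return True


class LossyCache:
    """Constructed stand-in for a backend that silently normalises keys.

    It strips whitespace and truncates to 250 characters before storing.
    This is an assumption for the demonstration, not real memcached; the
    point is that *any* normalisation applied after the application has
    chosen the key makes distinct keys collapse into one slot.
    """

    def __init__(self, validate=False):
        self._store = {}
        self._validate = validate

    def _normalise(self, key):
        if self._validate:
            validate_key(key)  # fixed backends refuse before anything is stored
        return re.sub(r"\s+", "", key)[:MEMCACHE_MAX_KEY_LENGTH]

    def set(self, key, value):
        self._store[self._normalise(key)] = value

    def get(self, key):
        return self._store.get(self._normalise(key))


def demo_collision():
    """Two over-long keys for different users collapse to the same slot.

    Returns the value read back for user 1, which is user 2's data when
    validation is off.
    """
    cache = LossyCache(validate=False)
    # 8 + 245 = 253 characters, already past the 250 limit before the suffix.
    shared_prefix = "session:" + "a" * 245
    cache.set(shared_prefix + ":user1", {"user": 1})
    cache.set(shared_prefix + ":user2", {"user": 2})
    return cache.get(shared_prefix + ":user1")


def demo_rejection():
    """With validation enabled the same keys are refused and nothing leaks."""
    cache = LossyCache(validate=True)
    shared_prefix = "session:" + "a" * 245
    try:
        cache.set(shared_prefix + ":user1", {"user": 1})
    except InvalidCacheKey:
        return True
    return False


if __name__ == "__main__":
    print("collision without validation:", demo_collision())
    print("rejected with validation:", demo_rejection())
```

`validate_key` is the behaviour a patched backend provides; when upgrading, callers that previously relied on warnings should expect `InvalidCacheKey` from `cache.set`, `cache.get`, `cache.set_many` and friends for keys built from untrusted input, so key construction (for example prefixing and hashing user-supplied fragments) must happen before the key reaches the cache layer.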

Statement

Red Hat Satellite 6 ships the affected python-django package; however, it does not use the memcached cache backend in product code and is therefore not vulnerable to this flaw. Red Hat Update Infrastructure 3 ships an affected version of python-django; however, it does not use memcached as a cache backend and is not vulnerable to this flaw. Red Hat Ceph Storage (RHCS) ships an affected version of python-django used with calamari and graphite, which are no longer supported; hence the django package will not be fixed for RHCS.

Affected packages

Platform                                             Package          State                  Errata            Release date
Red Hat Ceph Storage 2                               python-django    Will not fix
Red Hat Ceph Storage 3                               python-django    Will not fix
Red Hat OpenStack Platform 10 (Newton)               python-django    Out of support scope
Red Hat OpenStack Platform 15 (Stein)                python-django    Out of support scope
Red Hat OpenStack Platform 15 (Stein)                python-django20  Out of support scope
Red Hat Satellite 6                                  python-django    Will not fix
Red Hat Storage 3                                    python-django    Affected
Red Hat Update Infrastructure 3 for Cloud Providers  python-django    Fix deferred
Red Hat OpenStack Platform 13.0 (Queens)             python-django    Fixed                  RHSA-2021:0933    18.03.2021
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS  python-django  Fixed            RHSA-2021:0933    18.03.2021


Additional information

Severity: Moderate
Weakness: CWE-20 -> CWE-200
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1843614 (django: potential data leakage via malformed memcached keys)

EPSS: 0.08918 (percentile 92%, Low)

CVSS3: 5.9 (Medium)

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVSS3: 5.9
nvd
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

CVSS3: 5.9
debian
about 5 years ago

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...

CVSS3: 5.9
github
about 5 years ago

Data leakage via cache key collision in Django

CVSS3: 5.9
fstec
about 5 years ago

A vulnerability in the Django library related to errors in the certificate validation procedure, allowing an attacker to gain unauthorized access to protected information.
