Описание
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Out of support scope | ||
| Red Hat Satellite 6 | python-social-auth-app-django | Affected | ||
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-social-auth-app-django | Fixed | RHSA-2024:3781 | 10.06.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | python-social-auth-app-django | Fixed | RHSA-2024:3781 | 10.06.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | automation-controller | Fixed | RHSA-2024:6428 | 05.09.2024 |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS3
Связанные уязвимости
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
Python Social Auth is a social authentication/registration mechanism. ...
social-auth-app-django affected by Improper Handling of Case Sensitivity
4.9 Medium
CVSS3