Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-39329

Опубликовано: 09 июл. 2024
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate() method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2ansible-towerAffected
Red Hat Ansible Automation Platform 2ansible-automation-platform-25/lightspeed-rhel8Affected
Red Hat Certification for Red Hat Enterprise Linux 7python-djangoAffected
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certificationAffected
Red Hat Certification for Red Hat Enterprise Linux 9redhat-certificationAffected
Red Hat Discoverydiscovery-server-containerAffected
Red Hat OpenStack Platform 16.1python-django20Affected
Red Hat OpenStack Platform 16.2python-django20Affected
Red Hat OpenStack Platform 17.1python-djangoAffected
Red Hat Storage 3python-djangoAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-208
https://bugzilla.redhat.com/show_bug.cgi?id=2295936python-django: Username enumeration through timing difference for users with unusable passwords

EPSS

Процентиль: 26%
0.00088
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-39329

CVSS3: 5.3
ubuntu
11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

nvd логотип

CVE-2024-39329

CVSS3: 5.3
nvd
11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

debian логотип

CVE-2024-39329

CVSS3: 5.3
debian
11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...

github логотип

GHSA-x7q2-wr7g-xqmf

CVSS3: 5.3
github
11 месяцев назад

Django vulnerable to user enumeration attack

fstec логотип

BDU:2024-07168

CVSS3: 5.3
fstec
12 месяцев назад

Уязвимость метода django.contrib.auth.backends.ModelBackend.authenticate() программной платформы для веб-приложений Django, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 26%
0.00088
Низкий

3.7 Low

CVSS3