Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45231

Опубликовано: 03 сент. 2024
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

A flaw was found in Python's Django package. This flaw allows an attacker to enumerate users' emails by issuing password reset requests.

Отчет

This vulnerability is classified as a Low severity as it only poses a low impact to confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2ansible-towerFix deferred
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-dellemc-openmanage-rhel8Fix deferred
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/lightspeed-rhel8Fix deferred
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/platform-resource-runner-rhel8Fix deferred
Red Hat Ansible Automation Platform 2automation-controllerFix deferred
Red Hat Ansible Automation Platform 2python-djangoFix deferred
Red Hat Certification for Red Hat Enterprise Linux 7python-djangoFix deferred
Red Hat Discoverydiscovery-server-containerFix deferred
Red Hat OpenStack Platform 16.2python-django20Fix deferred
Red Hat OpenStack Platform 17.1python-djangoFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2314496python-django: Potential user email enumeration via response status on password reset

EPSS

Процентиль: 14%
0.00046
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45231

CVSS3: 5.3
ubuntu
8 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

nvd логотип

CVE-2024-45231

CVSS3: 5.3
nvd
8 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

debian логотип

CVE-2024-45231

CVSS3: 5.3
debian
8 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The dja ...

github логотип

GHSA-rrqc-c2jx-6jgv

CVSS3: 3.7
github
8 месяцев назад

Django allows enumeration of user e-mail addresses

suse-cvrf логотип

SUSE-SU-2024:3161-1

suse-cvrf
10 месяцев назад

Security update for python-Django

EPSS

Процентиль: 14%
0.00046
Низкий

3.7 Low

CVSS3

Уязвимость CVE-2024-45231