Описание
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.5-1 |
| hardy | ignored | end of life |
| lucid | released | 1.1.1-2ubuntu1.8 |
| oneiric | released | 1.3-2ubuntu1.6 |
| precise | released | 1.3.1-4ubuntu1.6 |
| quantal | released | 1.4.1-2ubuntu0.3 |
| upstream | released | 1.4.4-1 |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ...
EPSS
4 Medium
CVSS2