Description
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
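The leak comes from ordering: in the affected releases the form, after the authentication backend returns nothing, looks the account up by username alone and calls confirm_login_allowed() on it, so an inactive account produces the "account is inactive" error for any password, while an active or non-existent one produces the generic invalid-login error. The following Python model is an added example, not Django's own code: the user store, the backend and both form variants are stand-ins that keep only that control flow, and the two accounts are constructed sample data. The probe function is the attacker's oracle: one request with a junk password per username.

```python
"""Model of CVE-2018-6188: AuthenticationForm leaking account status.

Added example, not Django's code. The user store, the backend and the two
login variants are simplified stand-ins that keep only the control flow the
advisory is about: whether confirm_login_allowed() runs before or after the
password has been verified.
"""
import hashlib
import hmac
import os


class InvalidLogin(Exception):
    """Generic 'wrong username or password' error (non-revealing)."""


class InactiveAccount(Exception):
    """The 'This account is inactive.' error; reveals the account exists."""


class User:
    """Minimal user record with a salted PBKDF2 password hash."""

    def __init__(self, username, password, is_active=True):
        self.username = username
        self.is_active = is_active
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def check_password(self, password):
        return hmac.compare_digest(self._hash, self._derive(password, self._salt))


# Constructed sample accounts (assumption: not real data).
USERS = {
    "alice": User("alice", "correct horse battery staple"),
    "dormant": User("dormant", "hunter2", is_active=False),
}


def authenticate(username, password):
    """Stand-in for a ModelBackend-style backend: returns the user only when
    the password is right AND the account is active, otherwise None."""
    user = USERS.get(username)
    if user is None or not user.check_password(password):
        return None
    return user if user.is_active else None


def confirm_login_allowed(user):
    """Policy hook: reject inactive accounts with a specific message."""
    if not user.is_active:
        raise InactiveAccount(user.username)


def login_vulnerable(username, password):
    """Control flow of the affected releases: when the backend returns None,
    the account is fetched by username alone and confirm_login_allowed() is
    called on it although the password was never verified."""
    user = authenticate(username, password)
    if user is None:
        candidate = USERS.get(username)
        if candidate is not None:
            confirm_login_allowed(candidate)  # leaks is_active to anyone
        raise InvalidLogin()
    confirm_login_allowed(user)
    return user


def login_fixed(username, password):
    """Patched control flow: confirm_login_allowed() only ever sees a user
    object returned by authenticate(), i.e. after the password check."""
    user = authenticate(username, password)
    if user is None:
        raise InvalidLogin()
    confirm_login_allowed(user)
    return user


def probe(login, username):
    """Attacker's oracle: submit a junk password and classify the response."""
    try:
        login(username, "not-the-password")
    except InactiveAccount:
        return "inactive"
    except InvalidLogin:
        return "invalid"
    return "ok"


def main():
    for name in ("alice", "dormant", "nobody"):
        print(f"{name:8} vulnerable={probe(login_vulnerable, name):8} "
              f"fixed={probe(login_fixed, name)}")


if __name__ == "__main__":
    main()
```

Running it shows the vulnerable path answering "inactive" for dormant and "invalid" for the other two names, while the fixed path answers "invalid" for all three; the only observable difference left is for a caller who already holds the correct password. When a login form must report a status such as "inactive", do it only on a user object the backend has already authenticated.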
Release | Status | Note |
---|---|---|
artful | released | 1:1.11.4-1ubuntu1.1 |
devel | released | 1:1.11.10-1ubuntu1 |
esm-infra-legacy/trusty | not-affected | 1.6.11 |
esm-infra/xenial | not-affected | 1.8.7 |
precise/esm | DNE | |
trusty | not-affected | 1.6.11 |
trusty/esm | not-affected | 1.6.11 |
upstream | released | 1:1.11.10-1 |
xenial | not-affected | 1.8.7 |
EPSS | CVSS2 | CVSS3 |
---|---|---|
| 5.0 Medium | 7.5 High |
Related vulnerabilities
Django vulnerable to information leakage in AuthenticationForm
Information-disclosure vulnerability in the confirm_login_allowed() method of the Django web application framework, allowing an attacker to obtain access to confidential data