Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-45231

Опубликовано: 08 окт. 2024
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 5.3

Описание

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

РелизСтатусПримечание
devel

released

3:4.2.15-1ubuntu1
esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

released

1:1.11.11-1ubuntu1.21+esm7
esm-infra/focal

not-affected

2:2.2.12-1ubuntu0.25
esm-infra/xenial

needs-triage

focal

released

2:2.2.12-1ubuntu0.25
jammy

released

2:3.2.12-2ubuntu1.14
noble

released

3:4.2.11-1ubuntu1.3
oracular

released

3:4.2.15-1ubuntu1
plucky

released

3:4.2.15-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 14%
0.00046
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-45231

CVSS3: 3.7
redhat
10 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

nvd логотип

CVE-2024-45231

CVSS3: 5.3
nvd
8 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

debian логотип

CVE-2024-45231

CVSS3: 5.3
debian
8 месяцев назад

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The dja ...

github логотип

GHSA-rrqc-c2jx-6jgv

CVSS3: 3.7
github
8 месяцев назад

Django allows enumeration of user e-mail addresses

suse-cvrf логотип

SUSE-SU-2024:3161-1

suse-cvrf
10 месяцев назад

Security update for python-Django

EPSS

Процентиль: 14%
0.00046
Низкий

5.3 Medium

CVSS3