exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-21543

около 1 года назад

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

CVSS3: 7.1

EPSS: Низкий

CVE-2024-21543

около 1 года назад

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

CVSS3: 7.1

EPSS: Низкий

CVE-2024-21543

около 1 года назад

Versions of the package djoser before 2.3.0 are vulnerable to Authenti ...

CVSS3: 7.1

EPSS: Низкий

GHSA-v49p-m6gh-747c

около 1 года назад

djoser Authentication Bypass

CVSS3: 7.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-21543 Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.	CVSS3: 7.1	0% Низкий	около 1 года назад
CVE-2024-21543 Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.	CVSS3: 7.1	0% Низкий	около 1 года назад
CVE-2024-21543 Versions of the package djoser before 2.3.0 are vulnerable to Authenti ...	CVSS3: 7.1	0% Низкий	около 1 года назад
GHSA-v49p-m6gh-747c djoser Authentication Bypass	CVSS3: 7.1	0% Низкий	около 1 года назад

Уязвимостей на страницу