Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-33203

Related Vulnerabilities: CVE-2021-33203  

A flaw was found in django. Staff members could use the :mod:`~django.contrib.admindocs` ``TemplateDetailView`` view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed. The highest threat from this vulnerability is to data confidentiality.

Source

Description

A flaw was found in django. Staff members could use the :mod:`~django.contrib.admindocs` ``TemplateDetailView`` view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed. The highest threat from this vulnerability is to data confidentiality.

Additional Information

  • Bugzilla 1966251: CVE-2021-33203 django: Potential directory traversal via ``admindocs``
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • FAQ: Frequently asked questions about CVE-2021-33203

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started