The administrative interface for Django 1.3.x prior to 1.3.6, 1.4.x prior to 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Vulnerable Product |
---|
djangoproject django 1.3.2 |
djangoproject django 1.3.3 |
djangoproject django 1.3 |
djangoproject django 1.3.1 |
djangoproject django 1.4 |
djangoproject django 1.4.1 |
djangoproject django 1.4.2 |
djangoproject django 1.5 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.10 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 11.10 |