CVE-2013-0305

Published: 02/05/2013 Updated: 15/05/2013
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

The administrative interface for Django 1.3.x prior to 1.3.6, 1.4.x prior to 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Vulnerable Product

djangoproject django 1.3.2

djangoproject django 1.3.3

djangoproject django 1.3

djangoproject django 1.3.1

djangoproject django 1.4

djangoproject django 1.4.1

djangoproject django 1.4.2

djangoproject django 1.5

canonical ubuntu linux 10.04

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 11.10

Vendor Advisories

Synopsis: Moderate: Django security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Debian Bug report logs - #701186 python-django: CVE-2013-0305 CVE-2013-0306. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org ...
Several security issues were fixed in Django ...