django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
Vulnerable Product |
---|
djangoproject django 2.0.1 |
djangoproject django 1.11.9 |
djangoproject django 2.0 |
djangoproject django 1.11.8 |
canonical ubuntu linux 17.10 |