4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
47.1%
Django release reports:
CVE-2019-19118: Privilege escalation in the Django admin.
Since Django 2.1, a Django model admin displaying a parent model with related
model inlines, where the user has view-only permissions to a parent model but
edit permissions to the inline model, would display a read-only view of the parent
model but editable forms for the inline.
Submitting these forms would not allow direct edits to the parent model, but would
trigger the parent model’s save() method, and cause pre and post-save signal handlers
to be invoked. This is a privilege escalation as a user who lacks permission to edit
a model should not be able to trigger its save-related signals.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py35-django21 | < 2.1.15 | UNKNOWN |
FreeBSD | any | noarch | py36-django21 | < 2.1.15 | UNKNOWN |
FreeBSD | any | noarch | py37-django21 | < 2.1.15 | UNKNOWN |
FreeBSD | any | noarch | py38-django21 | < 2.1.15 | UNKNOWN |
FreeBSD | any | noarch | py35-django22 | < 2.2.8 | UNKNOWN |
FreeBSD | any | noarch | py36-django22 | < 2.2.8 | UNKNOWN |
FreeBSD | any | noarch | py37-django22 | < 2.2.8 | UNKNOWN |
FreeBSD | any | noarch | py38-django22 | < 2.2.8 | UNKNOWN |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
47.1%