Lucene search
PRIOn knowledge basePRION:CVE-2014-0483HistoryAug 26, 2014 - 2:55 p.m.
Crlf injection
2014-08-2614:55:00
PRIOn knowledge base
www.prio-n.com
13
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
References
lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
secunia.com/advisories/59782
secunia.com/advisories/61276
secunia.com/advisories/61281
www.debian.org/security/2014/dsa-3010
github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6
www.djangoproject.com/weblog/2014/aug/20/security/
Related
cve
cve
CVE-2014-0483
2014-08-26 14:55:05
github
github
Django data leakage via querystring manipulation in admin
2022-05-14 02:09:22
ubuntucve
ubuntucve
CVE-2014-0483
2014-08-26 00:00:00
osv
osv
PYSEC-2014-7
2014-08-26 14:55:00
python-django - security update
2014-08-22 00:00:00
python-django - security update
2014-09-29 00:00:00
debiancve
debiancve
CVE-2014-0483
2014-08-26 14:55:05
nvd
nvd
CVE-2014-0483
2014-08-26 14:55:05
cvelist
cvelist
CVE-2014-0483
2014-08-26 14:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-22
2015-09-29 00:00:00
Ubuntu: Security Advisory (USN-2347-1)
2014-09-17 00:00:00
Debian Security Advisory DSA 3010-1 (python-django - security update)
2014-08-22 00:00:00
debian
debian
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
[SECURITY] [DLA 65-1] python-django security update
2014-09-29 08:20:58
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
nessus
nessus
Fedora 19 : python-django14-1.4.16-1.fc19 (2014-15307)
2014-12-02 00:00:00
Fedora 20 : python-django14-1.4.16-1.fc20 (2014-15266)
2014-12-02 00:00:00
Mandriva Linux Security Advisory : python-django (MDVSA-2014:179)
2014-09-12 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2014-08-20 00:00:00
gentoo
gentoo
Django: Multiple vulnerabilities
2014-12-13 00:00:00
mageia
mageia
Updated python-django packages fix multiple vulnerabilities
2014-09-05 13:07:37
fedora
fedora
[SECURITY] Fedora 20 Update: python-django15-1.5.9-1.fc20
2014-09-10 13:29:30
[SECURITY] Fedora 20 Update: python-django14-1.4.16-1.fc20
2014-12-01 18:59:44
[SECURITY] Fedora 20 Update: python-django14-1.4.14-1.fc20
2014-09-09 22:27:18
ubuntu
ubuntu
Django vulnerabilities
2014-09-16 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3010-1] python-django security update
2014-08-26 00:00:00
