EPSS: 0.002 (Low), percentile 52.3%
Django is vulnerable to information disclosure. Admin users with the view-only permission are able to retrieve the entire password hash of arbitrary accounts through the read-only password widget that displays obfuscated password hashes.
www.securitytracker.com/id/1041749
github.com/django/django/commit/0b3b7c4b0ab2567cfe5df3ac19563d4a59276cb1
github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851
security.netapp.com/advisory/ntap-20190502-0009/
www.djangoproject.com/weblog/2018/oct/01/security-release/