Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Remediation
References
Related Vulnerabilities
XWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-32729)
CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2017-5645)
WordPress Plugin Limit Attempts by BestWebSoft Cross-Site Scripting (1.1.7)
ownCloud Improper Input Validation Vulnerability (CVE-2015-7699)