Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Remediation
References