Description
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.4.0)
Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)
WordPress Plugin OdiHost Newsletter 'openstat.php' SQL Injection (1.0)