Django Incorrect Default Permissions Vulnerability (CVE-2020-24584)

Description

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

Remediation

References

CVE-2020-24584

Related Vulnerabilities

WordPress Plugin Elementor Website Builder Unspecified Vulnerability (3.0.15)

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3181)

PHP Other Vulnerability (CVE-2005-0524)

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-44227)

Severity

High

Classification

CVE-2020-24584 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N