CVE-2013-0305

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:djangoproject:django:1.4:beta:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4:alpha:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Information

Published : 2013-05-02 07:55

Updated : 2013-05-14 20:34


NVD link : CVE-2013-0305

Mitre link : CVE-2013-0305


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

djangoproject

  • django

canonical

  • ubuntu_linux