CVE-2013-0305
Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.245
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.3.6 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django 1.4.4 | Windows |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.3.6 | Linux |
| Vulnerabilities CVE-2013-0305,CVE-2013-0306,CVE-2013-1664,CVE-2013-1665 are fixed in Python-django for linux 1.4.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234