CVE-2016-9013
Description
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.845
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django 1.10.3 | Windows |
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django 1.8.16 | Windows |
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django 1.9.11 | Windows |
| High-level Python web development framework (USN-3089-1) python-django_1.8.7-1ubuntu5.4_all.deb | Linux |
| High-level Python web development framework (USN-3089-1) python-django_1.3.1-4ubuntu1.22_all.deb | Linux |
| High-level Python web development framework (USN-3089-1) python3-django_1.8.7-1ubuntu5.4_all.deb | Linux |
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django for linux 1.10.3 | Linux |
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django for linux 1.8.16 | Linux |
| Vulnerabilities CVE-2016-9013,CVE-2016-9014 are fixed in Python-django for linux 1.9.11 | Linux |
Patch Details
No records found