CVE-2016-2048 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=1.9 <1.9.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00142 (percentile: 0.34935)
Details
Django Access Restrictions Bypass
Django 1.9.x before 1.9.2, when `ModelAdmin.save_as` is set to `True`, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
Metadata
Created: 2022-05-17T03:43:00Z
Modified: 2024-11-18T16:26:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46x4-9jmv-jc8p/GHSA-46x4-9jmv-jc8p.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-46x4-9jmv-jc8p
Finding: F039
Auto approve: 1