CVE-2015-5081

HIGH8.8EPSS 0.20%

django-cms CSRF Vulnerability

發布日:2022/5/17修改日:2024/9/16

也稱為:GHSA-2pqc-gv8q-pvqvPYSEC-2017-11

描述

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions.

受影響套件(2)

PyPI/django-cmsfrom 0, < 3.0.14
PyPI/django-cmsfrom 0, < f77cbc607d6e2a62e63287d37ad320109a2cc78a | from 0, < 3.0.14, >= 3.1, < 3.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5081
ADVISORYhttps://www.django-cms.org/en/blog/2015/06/27/311-3014-release/
WEBhttps://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
WEBhttps://github.com/django-cms/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/django-cms/PYSEC-2017-11.yaml
WEBhttps://www.django-cms.org/en/blog/2015/06/27/311-3014-release
WEBhttp://www.openwall.com/lists/oss-security/2015/06/28/1