CVE-2024-39329 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-39329 PUBLISHED

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

EPSS 0.16% · 37.4th percentile

Risk Scores

EPSS Score

0.16%

37.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	5.0.0, 4.2.0, 5.0.0
Bitnami	django	4.2.0, 5.0.0

Timeline

Jul 9, 2024 CVE Published
Jul 10, 2024 EPSS Score
Jul 31, 2024 EPSS Score
Aug 22, 2024 EPSS Score
Sep 12, 2024 EPSS Score
Oct 4, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 19, 2024 Coalition ESS Score
Oct 25, 2024 EPSS Score
Oct 30, 2024 Coalition ESS Score
Nov 16, 2024 EPSS Score
Nov 24, 2024 Coalition ESS Score

References

Open in Interactive Console →