VDB

CVE-2024-39329

CVE-2024-39329 PUBLISHED

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

EPSS 0.16% · 37.4th percentile

Risk Scores

EPSS Score
0.16%
37.4th percentile

Affected Products

VendorProductVersions
Bitnamidjango5.0.0, 4.2.0, 5.0.0
Bitnamidjango4.2.0, 5.0.0

Timeline

  • Jul 9, 2024 CVE Published
  • Jul 10, 2024 EPSS Score
  • Aug 1, 2024 EPSS Score
  • Aug 23, 2024 EPSS Score
  • Sep 14, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 6, 2024 EPSS Score
  • Oct 19, 2024 Coalition ESS Score
  • Oct 28, 2024 EPSS Score
  • Oct 30, 2024 Coalition ESS Score
  • Nov 19, 2024 EPSS Score
  • Nov 24, 2024 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›