PYSEC-2013-16 — Vulnetix

PYSEC-2013-16 PUBLISHED

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Affected Products

Vendor	Product	Versions
PyPI	django	1.3.2, 1.3, 1.3.3

Timeline

May 2, 2013 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://www.djangoproject.com/weblog/2013/feb/19/security/ article
http://rhn.redhat.com/errata/RHSA-2013-0670.html advisory
http://www.debian.org/security/2013/dsa-2634 advisory
http://ubuntu.com/usn/usn-1757-1 advisory

Open in Interactive Console →