
CVE-2013-0305

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-0305 at MITRE

Description

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

SUSE information

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 4.00
  Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
  Access Vector: Network
  Access Complexity: Low
  Authentication: Single
  Confidentiality Impact: Partial
  Integrity Impact: None
  Availability Impact: None

SUSE Bugzilla entry: 807175 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product: SUSE Cloud 1.0
  Fixed package version(s):
  • python-django >= 1.4.5-0.6.2.1
  References: Builds, SAT Patch Nr: 7839

Product: openSUSE 12.3
  Fixed package version(s):
  • python-django >= 1.4.5-2.4.1
  References: Patchnames: openSUSE-2013-589

Product: openSUSE Evergreen 11.4
  Fixed package version(s):
  • python-django >= 1.4.5-9.1
  References: Patchnames: 2013-115