CVE-2007-0405Django vulnerability

6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.8%
top 26.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Djangoproject DjangoDjango Project Django
Timeline
PublishedJan 23
Latest updateMay 1

Description

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

PyPIdjangoproject/django0.951.0

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

4
GHSA
Django Improper Access Control2022-05-01
OSV
Django Improper Access Control2022-05-01
CVEList
CVE-2007-0405: The LazyUser class in the AuthenticationMiddleware for Django 02007-01-23
OSV
CVE-2007-0405: The LazyUser class in the AuthenticationMiddleware for Django 02007-01-23

📋Vendor Advisories

1
Debian
CVE-2007-0405: python-django - The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not prop...2007
CVE-2007-0405 — Djangoproject Django vulnerability | cvebase