CVE-2015-8213Sensitive Information Exposure in Django

CWE-200Sensitive Information Exposure11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
3.0%
top 13.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Djangoproject Django
Timeline
PublishedDec 7
Latest updateMay 17

Description

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

PyPIdjangoproject/django1.71.7.11+2
NVDdjangoproject/django1.7.10+8

Patches

Patch: www.djangoproject.comPatch: www.djangoproject.com

🔴Vulnerability Details

4
GHSA
Django settings leak in date template filter2022-05-17
OSV
Django settings leak in date template filter2022-05-17
OSV
CVE-2015-8213: The get_format function in utils/formats2015-12-07
CVEList
CVE-2015-8213: The get_format function in utils/formats2015-12-07

📋Vendor Advisories

3
Red Hat
python-django: Information leak through date template filter2015-11-24
Ubuntu
Django vulnerability2015-11-24
Debian
CVE-2015-8213: python-django - The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11...2015

💬Community

3
Bugzilla
CVE-2015-8213 python-django: Information leak through date template filter [fedora-all]2015-11-25
Bugzilla
CVE-2015-8213 python-django: Information leak through date template filter [epel-all]2015-11-25
Bugzilla
CVE-2015-8213 python-django: Information leak through date template filter2015-11-19
CVE-2015-8213 — Sensitive Information Exposure | cvebase