CVE-2020-24583 — Incorrect Default Permissions in Django
Severity
7.5HIGHNVD
EPSS
3.4%
top 12.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 1
Latest updateMar 18
Description
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages3 packages
Also affects: Fedora 31, 32, 33, Ubuntu Linux 20.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2020-24583 python-django: django: incorrect permissions on intermediate-level directories on Python 3.7+ [epel-all]↗2020-09-01
Bugzilla▶
CVE-2020-24583 python-django: django: incorrect permissions on intermediate-level directories on Python 3.7+ [openstack-rdo]↗2020-09-01
Bugzilla▶
CVE-2020-24583 django:1.6/python-django: django: incorrect permissions on intermediate-level directories on Python 3.7+ [fedora-all]↗2020-09-01
Bugzilla▶
CVE-2020-24583 python-django: django: incorrect permissions on intermediate-level directories on Python 3.7+ [fedora-all]↗2020-09-01
Bugzilla▶
CVE-2020-24583 django: incorrect permissions on intermediate-level directories on Python 3.7+↗2020-09-01