CVE-2020-24584 — Incorrect Default Permissions in Django
Severity
7.5HIGHNVD
EPSS
3.3%
top 12.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 1
Latest updateMar 18
Description
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages3 packages
Also affects: Fedora 31, 32, 33, Ubuntu Linux 20.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2020-24584 django: permission escalation in intermediate-level directories of the file system cache on Python 3.7+↗2020-09-01
Bugzilla▶
CVE-2020-24584 python-django: django: permission escalation in intermediate-level directories of the file system cache on Python 3.7+ [openstack-rdo]↗2020-09-01
Bugzilla▶
CVE-2020-24584 python-django: django: permission escalation in intermediate-level directories of the file system cache on Python 3.7+ [fedora-all]↗2020-09-01
Bugzilla▶
CVE-2020-24584 python-django: django: permission escalation in intermediate-level directories of the file system cache on Python 3.7+ [epel-all]↗2020-09-01
Bugzilla▶
CVE-2020-24584 django:1.6/python-django: django: permission escalation in intermediate-level directories of the file system cache on Python 3.7+ [fedora-all]↗2020-09-01