PT-2016-7619 · Django Software Foundation+2 · Django+2
Marti Raudsepp
·
Publicado
2016-11-01
·
Atualizado
2022-05-17
·
CVE-2016-9013
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Django versions 1.8.x through 1.8.15
Django versions 1.9.x through 1.9.10
Django versions 1.10.x through 1.10.2
Description
The issue allows remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. This is due to a hardcoded password being used for a temporary database user created when running tests with an Oracle database.
Recommendations
For Django versions 1.8.x through 1.8.15, update to version 1.8.16 or later.
For Django versions 1.9.x through 1.9.10, update to version 1.9.11 or later.
For Django versions 1.10.x through 1.10.2, update to version 1.10.3 or later.
Correção
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Django
Ubuntu