PublicDate: 2007-11-05
Candidate: CVE-2007-5828
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5828
Description:
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the
admin panel in Django 0.96 allows remote attackers to change passwords of
arbitrary users via a request to admin/auth/user/1/password/. NOTE: this
issue has been disputed by Debian, since product documentation includes a
recommendation for a CSRF protection module that is included with the
product. However, CVE considers this an issue because the default
configuration does not use this module.
Ubuntu-Description:
Notes:
mdeslaur> let's ignore this also
Bugs:
Priority: negligible
Assigned-to:
upstream_python-django: ignored
dapper_python-django: DNE
edgy_python-django: DNE
feisty_python-django: needs-triage (reached end-of-life)
gutsy_python-django: needs-triage (reached end-of-life)
hardy_python-django: ignored
intrepid_python-django: ignored
jaunty_python-django: ignored
karmic_python-django: ignored
devel_python-django: ignored