All the vulnerabilities related to wagtail - Wagtail
cve-2020-11001
Vulnerability from cvelistv5
Published
2020-04-14 23:05
Modified
2024-11-19 15:36
Summary
Possible XSS attack in Wagtail
References
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6 | x_refsource_CONFIRM |
Impacted products
| Product | Vendor | Affected versions | Status |
|---|---|---|---|
| wagtail | wagtail | < 2.7.2 | affected |
| wagtail | wagtail | >= 2.8.0, < 2.8.1 | affected |
Description
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.

Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch).
Metrics
CVSS v3.1 base score 5.8 (MEDIUM); vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N (attack vector: network; attack complexity: high; privileges required: low; user interaction: required; scope: changed; confidentiality: high; integrity: none; availability: none).
Problem types
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Additional references (CVE Program Container, updated 2024-08-04T11:21:14.258Z)
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/releases/tag/v2.8.1 | x_refsource_MISC, x_transferred |
| https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389 | x_refsource_MISC, x_transferred |
Source
Advisory GHSA-v2wc-pfq2-5cm6; discovery: UNKNOWN; title: Possible XSS attack in Wagtail.
CVE metadata
| CVE ID | Assigner | Date published | Date reserved | Date updated | State |
|---|---|---|---|---|---|
| CVE-2020-11001 | GitHub_M | 2020-04-14T23:05:14 | 2020-03-30T00:00:00 | 2024-11-19T15:36:07.828Z | PUBLISHED |
Record type CVE_RECORD, data version 5.1; CNA container last updated 2024-11-19T15:36:07.828Z by GitHub_M.
cve-2022-21683
Vulnerability from cvelistv5
Published
2022-01-18 17:30
Modified
2024-08-03 02:46
Summary
Comment reply notifications sent to incorrect users in wagtail
References
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889 | x_refsource_CONFIRM |
| https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v2.15.2 | x_refsource_MISC |
Impacted products
| Product | Vendor | Affected versions | Status |
|---|---|---|---|
| wagtail | wagtail | >= 2.13, < 2.15.2 | affected |
Description
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they do not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file.
Metrics
CVSS v3.1 base score 3.5 (LOW); vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N (attack vector: network; attack complexity: low; privileges required: low; user interaction: required; scope: unchanged; confidentiality: low; integrity: none; availability: none).
Problem types
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Source
Advisory GHSA-xqxm-2rpm-3889; discovery: UNKNOWN; title: Comment reply notifications sent to incorrect users in wagtail.
The CVE Program Container (updated 2024-08-03T02:46:39.535Z) carries the same three references as the table above, tagged x_transferred. A legacy v4 record (ASSIGNER security-advisories@github.com, data_format MITRE, data_version 4.0, STATE PUBLIC) repeats the same affected range, description, CVSS metrics, problem type and references.
CVE metadata
| CVE ID | Assigner | Date published | Date reserved | Date updated | State |
|---|---|---|---|---|---|
| CVE-2022-21683 | GitHub_M | 2022-01-18T17:30:13 | 2021-11-16T00:00:00 | 2024-08-03T02:46:39.535Z | PUBLISHED |
Record type CVE_RECORD, data version 5.1; CNA container last updated 2022-01-18T17:30:13 by GitHub_M.
cve-2024-32882
Vulnerability from cvelistv5
Published
2024-05-02 06:52
Modified
2024-08-02 02:20
Summary
Permission check bypass when editing a model with per-field restrictions in wagtail
References
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-w2v8-php4-p8hc | x_refsource_CONFIRM |
| https://github.com/wagtail/wagtail/commit/ab2a5d82b4ee3c909d2456704388ccf90e367c9b | x_refsource_MISC |
| https://docs.wagtail.org/en/stable/extending/generic_views.html#modelviewset | x_refsource_MISC |
| https://docs.wagtail.org/en/stable/reference/contrib/settings.html | x_refsource_MISC |
| https://docs.wagtail.org/en/stable/reference/pages/panels.html#wagtail.admin.panels.FieldPanel.permission | x_refsource_MISC |
Impacted products
| Product | Vendor | Affected versions | Status |
|---|---|---|---|
| wagtail | wagtail | >= 6.0.0, < 6.0.3 | affected |
Description
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value. This vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected. Patched versions have been released as Wagtail 6.0.3 and 6.1. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability as follows: 1. For models registered through `ModelViewSet`, register the model as a snippet instead; 2. For settings models, place the restricted fields in a separate settings model, and configure permission at the model level.
Metrics
CVSS v3.1 base score 2.7 (LOW); vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (attack vector: network; attack complexity: low; privileges required: high; user interaction: none; scope: unchanged; confidentiality: none; integrity: low; availability: none).
Problem types
CWE-280: Improper Handling of Insufficient Permissions or Privileges
CWE-281: Improper Preservation of Permissions
CISA ADP Vulnrichment (updated 2024-06-04T17:50:26.488Z)
Affected: wagtail 6.0.0 (cpe:2.3:a:wagtail:wagtail:6.0.0:*:*:*:*:*:*:*), less than 6.0.3 (version type custom, default status unknown).
SSVC (version 2.0.3, role CISA Coordinator, 2024-05-02T13:08:02.482926Z): Exploitation: none; Automatable: no; Technical Impact: partial.
Source
Advisory GHSA-w2v8-php4-p8hc; discovery: UNKNOWN; title: Permission check bypass when editing a model with per-field restrictions in wagtail. The CVE Program Container (updated 2024-08-02T02:20:35.672Z) carries the same five references, tagged x_transferred.
CVE metadata
| CVE ID | Assigner | Date published | Date reserved | Date updated | State |
|---|---|---|---|---|---|
| CVE-2024-32882 | GitHub_M | 2024-05-02T06:52:59.556Z | 2024-04-19T14:07:11.230Z | 2024-08-02T02:20:35.672Z | PUBLISHED |
Record type CVE_RECORD, data version 5.1; CNA container last updated 2024-05-02T06:52:59.556Z by GitHub_M.
cve-2023-28836
Vulnerability from cvelistv5
Published
2023-04-03 00:00
Modified
2024-08-02 13:51
Summary
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
References
| URL |
|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2 |
| https://github.com/wagtail/wagtail/releases/tag/v4.2.2 |
| https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713 |
| https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af |
| https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62 |
| https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91 |
| https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview |
| https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview |
Impacted products
CNA version entries as recorded (version type custom, status affected):
| Product | Vendor | Version | Less than |
|---|---|---|---|
| wagtail | wagtail | 1.5 | 1.5* |
| wagtail | wagtail | 4.1.1 | 4.1.1 |
| wagtail | wagtail | 4.2 | 4.2* |
| wagtail | wagtail | 4.2.2 | 4.2.2 |
The description below states the affected range as starting in version 1.5 and prior to versions 4.1.4 and 4.2.2.
Description
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For pages, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.
Metrics
CVSS v3.1 base score 6.4 (MEDIUM); vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (attack vector: network; attack complexity: high; privileges required: high; user interaction: required; scope: unchanged; confidentiality: high; integrity: high; availability: high).
Problem types
CWE-79: Cross-site Scripting (XSS)
Source
Advisory GHSA-5286-f2rf-35c2; defect: GHSA-5286-f2rf-35c2; discovery: UNKNOWN; title: Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views; generator: Vulnogram 0.0.9. The CVE Program Container (updated 2024-08-02T13:51:38.434Z) carries the same references, tagged x_transferred.
CVE metadata
| CVE ID | Assigner | Date published | Date reserved | Date updated | State |
|---|---|---|---|---|---|
| CVE-2023-28836 | GitHub_M | 2023-04-03T00:00:00 | 2023-03-24T00:00:00 | 2024-08-02T13:51:38.434Z | PUBLISHED |
Record type CVE_RECORD, data version 5.1; CNA container last updated 2023-04-03T00:00:00 by GitHub_M.
cve-2020-15118
Vulnerability from cvelistv5
Published
2020-07-20 17:50
Modified
2024-08-04 13:08
Summary
Cross-Site Scripting in Wagtail
References
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw | x_refsource_CONFIRM |
| https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text | x_refsource_MISC |
| https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage | x_refsource_MISC |
| https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34 | x_refsource_MISC |
| https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst | x_refsource_MISC |
Impacted products
| Product | Vendor | Affected versions | Status |
|---|---|---|---|
| wagtail | wagtail | < 2.7.4 | affected |
| wagtail | wagtail | >= 2.8.0, < 2.9.3 | affected |
Description
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text.
Metrics
CVSS v3.1 base score 5.7 (MEDIUM); vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (attack vector: network; attack complexity: high; privileges required: high; user interaction: required; scope: unchanged; confidentiality: high; integrity: high; availability: none).
Problem types
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source
Advisory GHSA-2473-9hgq-j7xw; discovery: UNKNOWN; title: Cross-Site Scripting in Wagtail.
The CVE Program Container (updated 2024-08-04T13:08:21.683Z) carries the same five references, tagged x_transferred. A legacy v4 record (ASSIGNER security-advisories@github.com, data_format MITRE, data_version 4.0, STATE PUBLIC) repeats the same affected ranges, description, CVSS metrics, problem type and references.
CVE metadata
| CVE ID | Assigner | Date published | Date reserved | Date updated | State |
|---|---|---|---|---|---|
| CVE-2020-15118 | GitHub_M | 2020-07-20T17:50:16 | 2020-06-25T00:00:00 | 2024-08-04T13:08:21.683Z | PUBLISHED |
Record type CVE_RECORD, data version 5.1; CNA container last updated 2020-07-20T17:50:16 by GitHub_M.
cve-2021-32681
Vulnerability from cvelistv5
Published
2021-06-17 16:25
Modified
2024-08-03 23:25
Summary
Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks
References
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf | x_refsource_CONFIRM |
| https://github.com/wagtail/wagtail/releases/tag/v2.11.8 | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v2.12.5 | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v2.13.2 | x_refsource_MISC |
Impacted products
| Product | Vendor | Affected versions | Status |
|---|---|---|---|
| wagtail | wagtail | < 2.11.8 | affected |
| wagtail | wagtail | >= 2.12, <= 2.12.4 | affected |
| wagtail | wagtail | >= 2.13, <= 2.13.1 | affected |
Description
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.
Metrics
CVSS v3.1 base score 5.4 (MEDIUM); vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (attack vector: network; attack complexity: low; privileges required: low; user interaction: required; scope: changed; confidentiality: low; integrity: low; availability: none).
Problem types
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source
Advisory GHSA-xfrw-hxr5-ghqf; discovery: UNKNOWN; title: Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks. The CVE Program Container (updated 2024-08-03T23:25:31.147Z) carries the same four references as the table above, tagged x_transferred; the CNA container was last updated 2021-06-17T16:25:11 by GitHub_M.
"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32681", "STATE": "PUBLIC", "TITLE": "Improper escaping of HTML (\u0027Cross-site Scripting\u0027) in Wagtail StreamField blocks" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "wagtail", "version": { "version_data": [ { "version_value": "\u003c 2.11.8" }, { "version_value": "\u003e= 2.12, \u003c= 2.12.4" }, { "version_value": "\u003e= 2.13, \u003c= 2.13.1" } ] } } ] }, "vendor_name": "wagtail" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with \u0027editor\u0027 access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). 
In these cases, the tag can be replaced with Django\u0027s `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf", "refsource": "CONFIRM", "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v2.11.8", "refsource": "MISC", "url": "https://github.com/wagtail/wagtail/releases/tag/v2.11.8" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v2.12.5", "refsource": "MISC", "url": "https://github.com/wagtail/wagtail/releases/tag/v2.12.5" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v2.13.2", "refsource": "MISC", "url": "https://github.com/wagtail/wagtail/releases/tag/v2.13.2" } ] }, "source": { "advisory": "GHSA-xfrw-hxr5-ghqf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32681", "datePublished": "2021-06-17T16:25:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39317
Vulnerability from cvelistv5
Published
2024-07-11 15:23
Modified
2024-08-02 04:19
Summary
Wagtail regular expression denial-of-service via search query parsing
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39317", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T15:46:41.169788Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T15:20:35.111Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8" }, { "name": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2" }, { "name": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797" }, { "name": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003e= 2.0, \u003c 5.2.6" }, { "status": "affected", "version": "\u003e= 6.0, \u003c 6.0.6" }, { "status": "affected", "version": "\u003e= 6.1, \u003c 6.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Wagtail is an open source content 
management system built on Django. A bug in Wagtail\u0027s `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T15:23:22.307Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jmp3-39vp-fwg8" }, { "name": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2" }, { "name": "https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/wagtail/wagtail/commit/3c941136f79c48446e3858df46e5b668d7f83797" }, { "name": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/b783c096b6d4fd2cfc05f9137a0be288850e99a2" } ], "source": { "advisory": "GHSA-jmp3-39vp-fwg8", "discovery": "UNKNOWN" }, "title": "Wagtail regular expression denial-of-service via search query parsing" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39317", "datePublished": "2024-07-11T15:23:22.307Z", "dateReserved": "2024-06-21T18:15:22.262Z", "dateUpdated": "2024-08-02T04:19:20.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35228
Vulnerability from cvelistv5
Published
2024-05-30 18:44
Modified
2024-08-02 03:07
Summary
Improper Handling of Insufficient Permissions in Wagtail
References
URL | Tags |
---|---|
https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f | x_refsource_CONFIRM |
https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35228", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-31T16:19:13.143754Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:33:38.290Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:07:46.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f" }, { "name": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.5" }, { "status": "affected", "version": "\u003e= 6.1.0, \u003c 6.1.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 6.0.5 and 6.1.2. Wagtail releases prior to 6.0 are unaffected. 
Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability in `ModelViewSet` by registering the model as a snippet instead. No workaround is available for `wagtail.contrib.settings`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-30T18:44:31.900Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f" }, { "name": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1" } ], "source": { "advisory": "GHSA-xxfm-vmcf-g33f", "discovery": "UNKNOWN" }, "title": "Improper Handling of Insufficient Permissions in Wagtail" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-35228", "datePublished": "2024-05-30T18:44:31.900Z", "dateReserved": "2024-05-14T15:39:41.784Z", "dateUpdated": "2024-08-02T03:07:46.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29434
Vulnerability from cvelistv5
Published
2021-04-19 18:45
Modified
2024-08-03 22:02
Summary
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
References
URL | Tags |
---|---|
https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx | x_refsource_CONFIRM |
https://pypi.org/project/wagtail/ | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pypi.org/project/wagtail/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003c= 2.11.6" }, { "status": "affected", "version": "\u003e= 2.12, \u003c= 2.12.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-19T18:45:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pypi.org/project/wagtail/" } ], "source": { "advisory": "GHSA-wq5h-f9p5-q7fx", "discovery": "UNKNOWN" }, "title": "Improper validation of URLs (\u0027Cross-site Scripting\u0027) in Wagtail rich text fields", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29434", "STATE": "PUBLIC", "TITLE": "Improper validation of URLs (\u0027Cross-site Scripting\u0027) in Wagtail rich text fields" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "wagtail", "version": { "version_data": [ { "version_value": "\u003c= 2.11.6" }, { "version_value": "\u003e= 2.12, \u003c= 2.12.3" } ] } } ] }, "vendor_name": "wagtail" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Wagtail is a Django content management system. 
In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch)." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx", "refsource": "CONFIRM", "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx" }, { "name": "https://pypi.org/project/wagtail/", "refsource": "MISC", "url": "https://pypi.org/project/wagtail/" } ] }, "source": { "advisory": "GHSA-wq5h-f9p5-q7fx", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29434", "datePublished": "2021-04-19T18:45:14", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:02:51.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2023-28837
Vulnerability from cvelistv5
Published
2023-04-03 16:41
Modified
2024-08-02 13:51
Summary
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9" }, { "name": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880" }, { "name": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165" }, { "name": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf" }, { "name": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a" }, { "name": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2" } ], "title": 
"CVE Program Container" } ], "cna": { "affected": [ { "product": "wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003c 4.1.4" }, { "status": "affected", "version": "\u003e= 4.2, \u003c 4.2.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail\u0027s handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service.\n\nThe vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents.\n\nImage uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. \n\nPatched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-03T16:41:19.467Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9" }, { "name": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880" }, { "name": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165" }, { "name": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf" }, { "name": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a" }, { "name": 
"https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size", "tags": [ "x_refsource_MISC" ], "url": "https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.4" }, { "name": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2" } ], "source": { "advisory": "GHSA-33pv-vcgh-jfg9", "discovery": "UNKNOWN" }, "title": "Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28837", "datePublished": "2023-04-03T16:41:19.467Z", "dateReserved": "2023-03-24T16:25:34.465Z", "dateUpdated": "2024-08-02T13:51:38.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11037
Vulnerability from cvelistv5
Published
2020-04-30 22:20
Modified
2024-11-19 15:42
Summary
Potential Observable Timing Discrepancy in Wagtail
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003c 2.7.3" }, { "status": "affected", "version": "\u003e= 2.8rc1, \u003c 2.8.2" }, { "status": "affected", "version": "= 2.9rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail\u0027s \"Privacy\" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is [understood to be feasible on a local network, but not on the public internet](https://groups.google.com/d/msg/django-developers/iAaq0pvHXuA/fpUuwjK3i2wJ).\n\nPrivacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability.\n\nThis has been patched in 2.7.3, 2.8.2, 2.9." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-208", "description": "CWE-208: Observable Timing Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-19T15:42:15.578Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6" }, { "name": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf" }, { "name": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090" }, { "name": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11" }, { "name": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340" } ], "source": { "advisory": "GHSA-jjjr-3jcw-f8v6", "discovery": "UNKNOWN" }, "title": "Potential Observable Timing Discrepancy in Wagtail" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11037", "datePublished": "2020-04-30T22:20:12", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-11-19T15:42:15.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45809
Vulnerability from cvelistv5
Published
2023-10-19 18:33
Modified
2024-08-02 20:29
Summary
Disclosure of user names via admin bulk action views in wagtail
References
URL | Tags |
---|---|
https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h | x_refsource_CONFIRM |
https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h" }, { "name": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "wagtail", "vendor": "wagtail", "versions": [ { "status": "affected", "version": "\u003c 4.1.9" }, { "status": "affected", "version": "\u003e= 5.0.0, \u003c 5.0.5" }, { "status": "affected", "version": "\u003e= 5.1.0, \u003c 5.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T18:33:26.176Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h" }, { "name": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b" } ], "source": { "advisory": "GHSA-fc75-58r8-rm3h", "discovery": "UNKNOWN" }, "title": "Disclosure of user names via admin bulk action views in wagtail" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45809", "datePublished": "2023-10-19T18:33:26.176Z", "dateReserved": "2023-10-13T12:00:50.436Z", "dateUpdated": "2024-08-02T20:29:32.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }