FreeBSD : django -- regression in permissions model (6b1d8a39-ddb3-11e5-8fa8-14dae9d210b8)

medium Nessus Plugin ID 89009

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Tim Graham reports:

User with 'change' but not 'add' permission can create objects for ModelAdmin's with save_as=True

Solution

Update the affected packages.

See Also

https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/

http://www.nessus.org/u?c4661818

Plugin Details

Severity: Medium

ID: 89009

File Name: freebsd_pkg_6b1d8a39ddb311e58fa814dae9d210b8.nasl

Version: 2.5

Type: local

Published: 2/29/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-django-devel, p-cpe:/a:freebsd:freebsd:py27-django19, p-cpe:/a:freebsd:freebsd:py33-django-devel, p-cpe:/a:freebsd:freebsd:py33-django19, p-cpe:/a:freebsd:freebsd:py34-django-devel, p-cpe:/a:freebsd:freebsd:py34-django19, p-cpe:/a:freebsd:freebsd:py35-django-devel, p-cpe:/a:freebsd:freebsd:py35-django19, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/28/2016

Vulnerability Publication Date: 2/1/2016

Reference Information

CVE: CVE-2016-2048