ID CVE-2018-14574
Summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
References
Vulnerable Configurations
  • cpe:2.3:a:djangoproject:django:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.8:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.9:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.10:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.11:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.12:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.13:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.11.14:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 01-03-2019 - 19:32)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2019:0265
rpms
  • carbon-selinux-0:1.5.4-3.el7rhgs
  • graphite-web-0:1.1.4-1.el7rhgs
  • python-cachetools-0:1.0.3-1.1.el7rhgs
  • python-carbon-0:1.1.4-1.el7rhgs
  • python-django-bash-completion-0:1.11.15-4.el7rhgs
  • python-django-tagging-0:0.4.6-1.el7rhgs
  • python-scandir-0:1.3-1.el7rhgs
  • python-scandir-debuginfo-0:1.3-1.el7rhgs
  • python-whisper-0:1.1.4-1.el7rhgs
  • python2-django-0:1.11.15-4.el7rhgs
  • python2-django-doc-0:1.11.15-4.el7rhgs
  • tendrl-ansible-0:1.6.3-11.el7rhgs
  • tendrl-api-0:1.6.3-10.el7rhgs
  • tendrl-api-httpd-0:1.6.3-10.el7rhgs
  • tendrl-collectd-selinux-0:1.5.4-3.el7rhgs
  • tendrl-commons-0:1.6.3-15.el7rhgs
  • tendrl-grafana-plugins-0:1.6.3-20.el7rhgs
  • tendrl-grafana-selinux-0:1.5.4-3.el7rhgs
  • tendrl-monitoring-integration-0:1.6.3-20.el7rhgs
  • tendrl-node-agent-0:1.6.3-15.el7rhgs
  • tendrl-selinux-0:1.5.4-3.el7rhgs
refmap via4
bid 104970
confirm https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
debian DSA-4264
sectrack 1041403
ubuntu USN-3726-1
Last major update 01-03-2019 - 19:32
Published 03-08-2018 - 17:29
Last modified 01-03-2019 - 19:32