Introduced through: wagtail@4.2.3
Fixed in: wagtail@4.1.9, @5.0.5, @5.1.3
Exploit maturity: No known exploit
Detailed paths and remediation
Introduced through: project@0.0.0 › wagtail@4.2.3
Fix: Upgrade wagtail to version 4.1.9 or 5.0.5 or 5.1.3
Security information
Factors contributing to the scoring:
Snyk: [CVSS 2.7](https://security.snyk.io/vuln/SNYK-PYTHON-WAGTAIL-6016491) - Low Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
wagtail is an open source content management system built on Django.
Affected versions of this package are vulnerable to Direct Request ('Forced Browsing') through the admin bulk action views. An attacker can disclose user names by making a direct URL request.
Note: This is only exploitable if the attacker has a limited-permission editor account for the Wagtail admin.
cnlucas changed the title from "[Snyk: Low] wagtail Direct Request ('Forced Browsing') 1/23/25" to "[Snyk: Low] wagtail Direct Request ('Forced Browsing') (due 1/23/25)" on Oct 26, 2023