This CVE name corresponds to:
| Entered | Topic |
|---|---|
| 2016-02-28 | django -- regression in permissions model |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
| Type | Candidate |
| Name | CVE-2016-2048 |
| Phase | Assigned(20160124) |
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
| Source | Reference |
|---|---|
| CONFIRM | https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/ |
| SECTRACK | 1034894 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.