An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat ansible Automation Platform |
|
CPEs | cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
Vendors & Products |
Redhat
Redhat ansible Automation Platform |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-10T00:00:00
Updated: 2024-08-02T04:19:20.702Z
Reserved: 2024-06-23T00:00:00
Link: CVE-2024-39329
Vulnrichment
Updated: 2024-07-10T16:26:17.485Z
NVD
Status : Awaiting Analysis
Published: 2024-07-10T05:15:12.097
Modified: 2024-07-11T15:06:11.477
Link: CVE-2024-39329
Redhat