CVE-2024-45231

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45231
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45231.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45231
Aliases
Related
Published
2024-10-08T16:15:11Z
Modified
2024-10-30T19:47:22.803973Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

References

Affected packages

Debian:11 / python-django

Package

Name
python-django
Purl
pkg:deb/debian/python-django?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.2.24-1
2:2.2.25-1~deb11u1
2:2.2.26-1~deb11u1
2:2.2.28-1~deb11u1
2:2.2.28-1~deb11u2

2:3.*

2:3.0~alpha1-1
2:3.0~beta1-1
2:3.0~rc1-1
2:3.0-1
2:3.0.1-1
2:3.0.2-1
2:3.0.4-1
2:3.0.5-1
2:3.0.6-1
2:3.0.7-1
2:3.0.7-2
2:3.1~beta1-1
2:3.1~rc1-1
2:3.1-1
2:3.1-2
2:3.1.1-1
2:3.1.2-1
2:3.1.3-1
2:3.1.4-1
2:3.1.5-1
2:3.2~alpha1-1
2:3.2~alpha1-2
2:3.2~beta1-1
2:3.2~rc1-1
2:3.2-1
2:3.2.1-1
2:3.2.2-1
2:3.2.3-1
2:3.2.4-1
2:3.2.5-1
2:3.2.5-2
2:3.2.6-1
2:3.2.7-1
2:3.2.7-2
2:3.2.7-3
2:3.2.7-4
2:3.2.8-1
2:3.2.9-1
2:3.2.9-2~bpo11+1
2:3.2.9-2
2:3.2.10-1
2:3.2.10-2~bpo11+1
2:3.2.10-2~bpo11+2
2:3.2.10-2
2:3.2.11-1
2:3.2.11-2
2:3.2.12-1~bpo11+1
2:3.2.12-1
2:3.2.12-2
2:3.2.13-1

2:4.*

2:4.0~alpha1-1
2:4.0~beta1-1
2:4.0~rc1-1
2:4.0-1
2:4.0.1-1
2:4.0.1-2
2:4.0.2-1
2:4.0.3-1
2:4.0.4-1
2:4.0.5-1
2:4.0.5-2
2:4.0.6-1
2:4.1~alpha1-1
2:4.1~beta1-1
2:4.1~rc1-1

3:3.*

3:3.2.14-1
3:3.2.15-1
3:3.2.16-1
3:3.2.16-2
3:3.2.17-1
3:3.2.18-1
3:3.2.19-1
3:3.2.20-1
3:3.2.20-1.1
3:3.2.21-1

3:4.*

3:4.1-1
3:4.1.1-1
3:4.1.2-1
3:4.1.3-1
3:4.1.4-1
3:4.1.5-1
3:4.2~alpha1-1
3:4.2~beta1-1
3:4.2~rc1-1
3:4.2-1
3:4.2.1-1
3:4.2.2-1
3:4.2.3-1
3:4.2.4-1
3:4.2.5-1
3:4.2.5-2
3:4.2.6-1
3:4.2.8-1
3:4.2.9-1
3:4.2.10-1
3:4.2.11-1
3:4.2.13-1
3:4.2.14-1
3:4.2.15-1~bpo12+1
3:4.2.15-1
3:4.2.16-1

3:5.*

3:5.0~alpha1-1
3:5.0~rc1-1
3:5.0-1
3:5.0.1-1
3:5.0.2-1
3:5.0.3-1
3:5.0.4-1
3:5.0.6-1
3:5.1~alpha1-1
3:5.1~beta1-1
3:5.1~rc1-1
3:5.1-1
3:5.1.1-1
3:5.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-django

Package

Name
python-django
Purl
pkg:deb/debian/python-django?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3:3.*

3:3.2.19-1
3:3.2.19-1+deb12u1~bpo11+1
3:3.2.19-1+deb12u1
3:3.2.19-1+deb12u2
3:3.2.20-1
3:3.2.20-1.1
3:3.2.21-1

3:4.*

3:4.1-1
3:4.1.1-1
3:4.1.2-1
3:4.1.3-1
3:4.1.4-1
3:4.1.5-1
3:4.2~alpha1-1
3:4.2~beta1-1
3:4.2~rc1-1
3:4.2-1
3:4.2.1-1
3:4.2.2-1
3:4.2.3-1
3:4.2.4-1
3:4.2.5-1
3:4.2.5-2
3:4.2.6-1
3:4.2.8-1
3:4.2.9-1
3:4.2.10-1
3:4.2.11-1
3:4.2.13-1
3:4.2.14-1
3:4.2.15-1~bpo12+1
3:4.2.15-1
3:4.2.16-1

3:5.*

3:5.0~alpha1-1
3:5.0~rc1-1
3:5.0-1
3:5.0.1-1
3:5.0.2-1
3:5.0.3-1
3:5.0.4-1
3:5.0.6-1
3:5.1~alpha1-1
3:5.1~beta1-1
3:5.1~rc1-1
3:5.1-1
3:5.1.1-1
3:5.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-django

Package

Name
python-django
Purl
pkg:deb/debian/python-django?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3:4.2.16-1

Affected versions

3:3.*

3:3.2.19-1
3:3.2.20-1
3:3.2.20-1.1
3:3.2.21-1

3:4.*

3:4.1-1
3:4.1.1-1
3:4.1.2-1
3:4.1.3-1
3:4.1.4-1
3:4.1.5-1
3:4.2~alpha1-1
3:4.2~beta1-1
3:4.2~rc1-1
3:4.2-1
3:4.2.1-1
3:4.2.2-1
3:4.2.3-1
3:4.2.4-1
3:4.2.5-1
3:4.2.5-2
3:4.2.6-1
3:4.2.8-1
3:4.2.9-1
3:4.2.10-1
3:4.2.11-1
3:4.2.13-1
3:4.2.14-1
3:4.2.15-1~bpo12+1
3:4.2.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0
1.1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2

4.*

4.2
4.2.1
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2a1
4.2b1
4.2rc1