Vulnerability Details CVE-2007-0405
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v2 Score 6.5
References
- http://code.djangoproject.com/changeset/3754
- http://secunia.com/advisories/23826
- http://www.securityfocus.com/bid/22138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
- http://code.djangoproject.com/changeset/3754
- http://secunia.com/advisories/23826
- http://www.securityfocus.com/bid/22138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
Products affected by CVE-2007-0405
-
cpe:2.3:a:django_project:django:0.95