CVE-2013-0305

NameCVE-2013-0305
DescriptionThe administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2634-1
Debian Bugs701186

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-django (PTS)bullseye2:2.2.28-1~deb11u2fixed
bullseye (security)2:2.2.28-1~deb11u4fixed
bookworm, bookworm (security)3:3.2.19-1+deb12u1fixed
sid, trixie3:4.2.18-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-djangosourcesqueeze1.2.3-3+squeeze5DSA-2634-1
python-djangosource(unstable)1.4.4-1701186

Notes

https://www.djangoproject.com/weblog/2013/feb/19/security/
Search for package or bug name: Reporting problems