CVE-2018-14574 - Open Redirect vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Summary
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
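The mechanics behind that one-line summary, as an added illustration that is not Django's own code and not part of the original page: with APPEND_SLASH enabled, CommonMiddleware answers a request whose path lacks a trailing slash, does not resolve, but would resolve with a slash appended, by redirecting to path + "/". If the project has a catch-all pattern accepting any path that ends in "/" (the condition named in the Django advisory), a request for "//attacker.example" is redirected to "//attacker.example/", which a browser reads as a scheme-relative URL to another host. The model below reproduces that decision in plain Python (no Django needed), places the vulnerable behaviour beside the fix Django shipped in 1.11.15 and 2.0.8 (percent-encoding the second leading slash, done by the escape_leading_slashes helper in django.utils.http), and adds a check that reads a Location value the way a browser does. The is_valid_path stand-in for the URLconf and the host names are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit


# Constructed stand-in for the project's URLconf. Django's real is_valid_path()
# resolves against the URLconf; this one models the catch-all "any path ending
# in /" pattern (flatpages/CMS style) that CVE-2018-14574 depends on.
def is_valid_path(path: str) -> bool:
    return path.endswith("/")


def should_redirect_with_slash(path: str, append_slash: bool = True) -> bool:
    """Model of CommonMiddleware's APPEND_SLASH decision: redirect when the
    path has no trailing slash, does not resolve as-is, but resolves once a
    slash is appended."""
    return (
        append_slash
        and not path.endswith("/")
        and not is_valid_path(path)
        and is_valid_path(path + "/")
    )


def escape_leading_slashes(url: str) -> str:
    """Same transformation as the fix in Django 1.11.15 / 2.0.8: encode the
    second of two leading slashes so the Location stays a same-host absolute
    path instead of becoming a scheme-relative URL."""
    if url.startswith("//"):
        url = "/%2F" + url[2:]
    return url


def redirect_location(path: str, patched: bool) -> Optional[str]:
    """Location header the middleware would emit for `path`, or None when no
    redirect happens. patched=False reproduces the vulnerable behaviour."""
    if not should_redirect_with_slash(path):
        return None
    target = path + "/"
    return escape_leading_slashes(target) if patched else target


def leaves_host(location: str) -> bool:
    """Read a Location value as a browser would: anything carrying a network
    location, scheme-relative "//host/..." included, sends the user off-site."""
    return bool(urlsplit(location).netloc)


if __name__ == "__main__":
    # Constructed sample requests: one ordinary path, two attacker-chosen ones.
    for path in ("/about", "//attacker.example", "//attacker.example/login"):
        for patched in (False, True):
            loc = redirect_location(path, patched)
            label = "patched   " if patched else "vulnerable"
            offsite = leaves_host(loc) if loc else "-"
            print(f"{label} {path!r:28} -> {loc!r:32} leaves host: {offsite}")
```

To check a deployment rather than the model, request a path that starts with two slashes and no trailing slash, for example `curl -sI 'https://target.example//attacker.example'`, and read the Location header of the 301 that comes back: `//attacker.example/` means the installed Django still has the bug, `/%2Fattacker.example/` means the fix is in place. Because the redirect is a permanent one, a browser that has followed it once may cache it, so test with a fresh client. Upgrading is the fix; turning APPEND_SLASH off also removes the redirect that is abused here.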
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data: An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4264.NASL
description: Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111537
published: 2018-08-06
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111537
title: Debian DSA-4264-1 : python-django - security update

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-0265.NASL
description: Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration Batch Update 3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Security Fix(es) : * django: Catastrophic backtracking in regular expressions via
last seen: 2020-03-18
modified: 2019-02-06
plugin id: 121606
published: 2019-02-06
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121606
title: RHEL 7 : Storage Server (RHSA-2019:0265)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-614.NASL
description: This update for python-Django to version 2.0.8 fixes the following issues :
The following security vulnerability was fixed :
- CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware (boo#1102680)
The following other bugs were fixed :
- Fixed a regression in Django 2.0.7 that broke the regex lookup on MariaDB
- Fixed a regression where django.template.Template crashed if the template_string argument is lazy
- Fixed __regex and __iregex lookups with MySQL
- Fixed admin check crash when using a query expression in ModelAdmin.ordering
- Fixed admin changelist crash when using a query expression without asc() or desc() in the page's ordering
- Fixed a regression that broke custom template filters that use decorators
- Fixed detection of custom URL converters in included pattern
- Fixed a regression that added an unnecessary subquery to the GROUP BY clause on MySQL when using a RawSQL annotation
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression in Django 1.10 that could result in large memory usage when making edits using ModelAdmin.list_editable
- Corrected the import paths that inspectdb generates for django.contrib.postgres fields
- Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
- Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123267
published: 2019-03-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123267
title: openSUSE Security Update : python-Django (openSUSE-2019-614)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-914.NASL
description: This update for python-Django to version 2.0.8 fixes the following issues :
The following security vulnerability was fixed :
- CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware (boo#1102680)
The following other bugs were fixed :
- Fixed a regression in Django 2.0.7 that broke the regex lookup on MariaDB
- Fixed a regression where django.template.Template crashed if the template_string argument is lazy
- Fixed __regex and __iregex lookups with MySQL
- Fixed admin check crash when using a query expression in ModelAdmin.ordering
- Fixed admin changelist crash when using a query expression without asc() or desc() in the page's ordering
- Fixed a regression that broke custom template filters that use decorators
- Fixed detection of custom URL converters in included pattern
- Fixed a regression that added an unnecessary subquery to the GROUP BY clause on MySQL when using a RawSQL annotation
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression in Django 1.10 that could result in large memory usage when making edits using ModelAdmin.list_editable
- Corrected the import paths that inspectdb generates for django.contrib.postgres fields
- Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
- Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
last seen: 2020-06-05
modified: 2018-08-28
plugin id: 112137
published: 2018-08-28
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/112137
title: openSUSE Security Update : python-Django (openSUSE-2018-914)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3726-1.NASL
description: Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111511
published: 2018-08-02
reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111511
title: Ubuntu 18.04 LTS : python-django vulnerability (USN-3726-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-608.NASL
description: This update for python-Django1 to version 1.11.15 fixes the following issues :
The following security vulnerability was fixed :
- CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware (boo#1102680)
The following other bugs were fixed :
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary
- Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
- Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123266
published: 2019-03-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123266
title: openSUSE Security Update : python-Django1 (openSUSE-2019-608)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-875.NASL
description: This update for python-Django1 to version 1.11.15 fixes the following issues :
The following security vulnerability was fixed :
- CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware (boo#1102680)
The following other bugs were fixed :
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary
- Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
- Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
last seen: 2020-06-05
modified: 2018-08-17
plugin id: 111810
published: 2018-08-17
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111810
title: openSUSE Security Update : python-Django1 (openSUSE-2018-875)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-6FA1017C1D.NASL
description: bugfix update to 2.0.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2019-01-03
plugin id: 120517
published: 2019-01-03
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120517
title: Fedora 29 : python-django (2018-6fa1017c1d)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-0C85690BA7.NASL
description: Update to 1.11.15 security release (CVE-2018-14574) This fixes an open redirect possibility in CommonMiddleware. Release notes: https://docs.djangoproject.com/en/2.0/releases/1.11.15/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2019-01-03
plugin id: 120229
published: 2019-01-03
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120229
title: Fedora 28 : python2-django1.11 (2018-0c85690ba7)
References
- http://www.securityfocus.com/bid/104970
- http://www.securitytracker.com/id/1041403
- https://access.redhat.com/errata/RHSA-2019:0265
- https://usn.ubuntu.com/3726-1/
- https://www.debian.org/security/2018/dsa-4264
- https://www.djangoproject.com/weblog/2018/aug/01/security-releases/