Labdigital

Wagtail-2fa

2 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.16%
  • Published 13.03.2020 22:15:11
  • Last modified 21.11.2024 05:33:44

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disabl...

  • EPSS 0.16%
  • Published 29.11.2019 17:15:11
  • Last modified 21.11.2024 04:31:08

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem ...