CVE-2024-45231
Publication date 3 September 2024
Last updated 3 September 2024
Ubuntu priority
Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the "django.contrib.auth" logger.
Why is this CVE low priority?
Only allows enumeration of user emails via brute-force approach.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-django | 24.04 LTS noble |
Fixed 3:4.2.11-1ubuntu1.3
|
| 22.04 LTS jammy |
Fixed 2:3.2.12-2ubuntu1.14
|
|
| 20.04 LTS focal |
Fixed 2:2.2.12-1ubuntu0.25
|
|
| 18.04 LTS bionic |
Fixed 1:1.11.11-1ubuntu1.21+esm7
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProReferences
Related Ubuntu Security Notices (USN)
- USN-6987-1
- Django vulnerabilities
- 3 September 2024