जमा करें #857945: geex-arts django-jet 0cc1e636109f680de6759ac30c0b14ef980883bc CWE-639 Authorization Bypass Through User-Controlled Keyजानकारी

शीर्षकgeex-arts django-jet 0cc1e636109f680de6759ac30c0b14ef980883bc CWE-639 Authorization Bypass Through User-Controlled Key
विवरणgeex-arts/django-jet checks only that the requester is a staff user before resolving dashboard modules by primary key in the dashboard module update view. The object lookup is not scoped to request.user, so one staff user can read or modify another staff user's dashboard module by changing the module id. For Google Analytics or Yandex Metrika modules, module forms may include credential-related stored values.
स्रोत⚠️ https://github.com/geex-arts/django-jet/issues/528
उपयोगकर्ता
 GalaxynX (UID 98977)
सबमिशन13/06/2026 01:52 PM (1 महीना पहले)
संयम18/07/2026 11:51 AM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि380037 [geex-arts django-jet तक 1.0.8 Dashboard jet/dashboard/views.py अधिकार वृद्धि]
अंक19

Might our Artificial Intelligence support you?

Check our Alexa App!