Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2016-02-08 19:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-2048
Mitre link : CVE-2016-2048
CVE.ORG link : CVE-2016-2048
JSON object : View
Products Affected
djangoproject
- django
CWE
CWE-284
Improper Access Control