CVE-2020-24583
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
Se detectó un problema en Django versiones 2.2 anteriores a 2.2.16, versiones 3.0 anteriores a 3.0.10 y versiones 3.1 anteriores a 3.1.1 (cuando es usado Python 3.7+). El modo FILE_UPLOAD_DIRECTORY_PERMISSIONS no fue aplicado a los directorios de nivel intermedio creados en el proceso de carga de archivos. Tampoco se aplicó a directorios estáticos recopilados de nivel intermedio cuando está usando el comando de administración collectstatic
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-21 CVE Reserved
- 2020-09-01 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21topic/django-announce/Gdqn58RqIDM | X_refsource_misc | |
| https://groups.google.com/forum/#%21topic/django-announce/zFCMdgUnutU | X_refsource_misc | |
| https://security.netapp.com/advisory/ntap-20200918-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.djangoproject.com/en/dev/releases/security | 2023-11-07 | |
| https://www.openwall.com/lists/oss-security/2020/09/01/2 | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpujan2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 2.2 < 2.2.16 Search vendor "Djangoproject" for product "Django" and version " >= 2.2 < 2.2.16" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.0 < 3.0.10 Search vendor "Djangoproject" for product "Django" and version " >= 3.0 < 3.0.10" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.1 < 3.1.1 Search vendor "Djangoproject" for product "Django" and version " >= 3.1 < 3.1.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8" | - |
Affected
| ||||||