CVE-2021-33203
django: Potential directory traversal via ``admindocs``
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
Django versiones anteriores a 2.2.24, versiones 3.x anteriores a 3.1.12 y versiones 3.2.x anteriores a 3.2.4, presenta un potencial salto de directorio por medio de django.contrib.admindocs. Los miembros del personal podrían usar la visualización TemplateDetailView para comprobar la existencia de archivos arbitrarios. Adicionalmente, si (y sólo si) las plantillas admindocs por defecto han sido personalizadas por los desarrolladores de aplicaciones para mostrar también el contenido de los archivos, entonces no sólo se habría expuesto la existencia sino también el contenido de los archivos. En otras palabras, se presenta un salto de directorio fuera de los directorios root de las plantillas
A flaw was found in django. Staff members could use the :mod:`~django.contrib.admindocs` ``TemplateDetailView`` view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed. The highest threat from this vulnerability is to data confidentiality.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-19 CVE Reserved
- 2021-06-03 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21forum/django-announce | X_refsource_misc | |
| https://security.netapp.com/advisory/ntap-20210727-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.djangoproject.com/en/3.2/releases/security | 2023-11-07 | |
| https://www.djangoproject.com/weblog/2021/jun/02/security-releases | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | < 2.2.24 Search vendor "Djangoproject" for product "Django" and version " < 2.2.24" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.0.0 < 3.1.12 Search vendor "Djangoproject" for product "Django" and version " >= 3.0.0 < 3.1.12" | - |
Affected
| ||||||
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.2.0 < 3.2.4 Search vendor "Djangoproject" for product "Django" and version " >= 3.2.0 < 3.2.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||