CVE-2018-6188

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-6188
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6188.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-6188
Aliases
Downstream
Related
Published
2018-02-05T03:29:00Z
Modified
2025-10-15T09:58:11.090585Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed() method, as demonstrated by discovering whether a user account is inactive.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7cc155a04ce9579de3cdca59db9a4de11dc5eab9
Last affected
b99221b8bb2a4cd7fd5ac6e5f03e8eb1953d6384
Last affected
c3eafed987ee7356e270eb2826e096692528f816
Last affected
dfe7b85ed7e0c46cb59f545a4eefa9c3fd629f7d

Affected versions

1.*

1.0
1.1
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11a1
1.11b1
1.11rc1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2

2.*

2.0a1
2.0b1