CVE-2024-45231

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45231.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45231

Aliases

Downstream

DEBIAN-CVE-2024-45231

OESA-2024-2278

OESA-2024-2279

OESA-2024-2280

OESA-2024-2281

OESA-2024-2282

SUSE-SU-2024:3139-1

SUSE-SU-2024:3161-1

UBUNTU-CVE-2024-45231

USN-6987-1

openSUSE-SU-2024:0282-1

openSUSE-SU-2024:14310-1

openSUSE-SU-2024:14318-1

Related

Published

2024-10-08T16:15:11Z

Modified

2025-09-19T15:05:47.568357Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

References

Affected packages

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6f9fea33137fee6416ff43b775aa9567440a23d3

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.3

1.4

1.7a1

1.7a2

4.*

4.2

4.2.1

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.2a1

4.2b1

4.2rc1