CVE-2013-0305 (retired)

Priority
Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before
1.4.4, and 1.5 before release candidate 2 does not check permissions for
the history view, which allows remote authenticated administrators to
obtain sensitive object history information.
Notes
 jdstrand> requires access to the admin interface
Assigned-to
mdeslaur
More Information

Updated: 2019-08-23 08:52:17 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)