CVE-2013-0305

Priority
Description
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before
1.4.4, and 1.5 before release candidate 2 does not check permissions for
the history view, which allows remote authenticated administrators to
obtain sensitive object history information.
Assigned-to
mdeslaur
Notes
jdstrandrequires access to the admin interface
More Information

Updated: 2020-01-29 19:45:53 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)