Skip to main content

Wagtail 2Fa

2 CVEs product

Monthly

CVE-2020-5240 PyPI HIGH PATCH This Week

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2019-16766 PyPI HIGH PATCH This Week

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
EPSS 1% CVSS 8.5
HIGH PATCH This Week

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Wagtail 2Fa
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy