{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217837?format=json","vulnerability_id":"VCID-h32t-bmzf-j3h2","summary":"When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.","aliases":[{"alias":"PYSEC-2019-65"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15818?format=json","purl":"pkg:pypi/wagtail-2fa@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.3.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56041?format=json","purl":"pkg:pypi/wagtail-2fa@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/56042?format=json","purl":"pkg:pypi/wagtail-2fa@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/56043?format=json","purl":"pkg:pypi/wagtail-2fa@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/56044?format=json","purl":"pkg:pypi/wagtail-2fa@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56045?format=json","purl":"pkg:pypi/wagtail-2fa@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56046?format=json","purl":"pkg:pypi/wagtail-2fa@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/56047?format=json","purl":"pkg:pypi/wagtail-2fa@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56048?format=json","purl":"pkg:pypi/wagtail-2fa@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9d3c-awdc-v3dq"},{"vulnerability":"VCID-gy5m-jsus-e3hv"},{"vulnerability":"VCID-h32t-bmzf-j3h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail-2fa@1.2.0"}],"references":[{"reference_url":"https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca"},{"reference_url":"https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81"},{"reference_url":"https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h32t-bmzf-j3h2"}