{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35171?format=json","vulnerability_id":"VCID-wch3-d92x-sudf","summary":"django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.","aliases":[{"alias":"CVE-2018-6188"},{"alias":"GHSA-rf4j-j272-fj86"},{"alias":"PYSEC-2018-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10734?format=json","purl":"pkg:pypi/django@1.11.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.10"},{"url":"http://public2.vulnerablecode.io/api/packages/10653?format=json","purl":"pkg:pypi/django@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-x61x-6b6k-h3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10732?format=json","purl":"pkg:pypi/django@1.11.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-wch3-d92x-sudf"},{"vulnerability":"VCID-x61x-6b6k-h3bn"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.8"},{"url":"http://public2.vulnerablecode.io/api/packages/22485?format=json","purl":"pkg:pypi/django@2.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-wch3-d92x-sudf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/10651?format=json","purl":"pkg:pypi/django@2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-wch3-d92x-sudf"},{"vulnerability":"VCID-x61x-6b6k-h3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10652?format=json","purl":"pkg:pypi/django@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-wch3-d92x-sudf"},{"vulnerability":"VCID-x61x-6b6k-h3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.1"}],"references":[{"reference_url":"https://github.com/advisories/GHSA-rf4j-j272-fj86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rf4j-j272-fj86"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae"},{"reference_url":"https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422"},{"reference_url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"},{"reference_url":"http://www.securitytracker.com/id/1040422","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040422"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6188","reference_id":"CVE-2018-6188","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6188"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wch3-d92x-sudf"}