Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dw47-n3f3-ffa2
Summary
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
If a model has been made available for editing through the [`wagtail.contrib.settings`](https://docs.wagtail.org/en/stable/reference/contrib/settings.html) module or [`ModelViewSet`](https://docs.wagtail.org/en/stable/extending/generic_views.html#modelviewset), and the [`permission` argument on `FieldPanel`](https://docs.wagtail.org/en/stable/reference/pages/panels.html#wagtail.admin.panels.FieldPanel.permission) has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value.

The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected.
Aliases
0
alias CVE-2024-32882
1
alias GHSA-w2v8-php4-p8hc
Fixed_packages
0
url pkg:pypi/wagtail@6.0.3
purl pkg:pypi/wagtail@6.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22sk-jw8g-byek
1
vulnerability VCID-39ey-uzfk-8qh3
2
vulnerability VCID-8vb4-y953-b7dp
3
vulnerability VCID-ehpx-45mk-kya5
4
vulnerability VCID-esy5-hesv-zyf7
5
vulnerability VCID-k7jj-wh5a-kudh
6
vulnerability VCID-kphk-eqcu-fuhd
7
vulnerability VCID-mj1d-3up9-2bbs
8
vulnerability VCID-rks7-49ud-u7g2
9
vulnerability VCID-vzg1-msbd-g3hm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.3
1
url pkg:pypi/wagtail@6.1rc1
purl pkg:pypi/wagtail@6.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22sk-jw8g-byek
1
vulnerability VCID-39ey-uzfk-8qh3
2
vulnerability VCID-8vb4-y953-b7dp
3
vulnerability VCID-esy5-hesv-zyf7
4
vulnerability VCID-k7jj-wh5a-kudh
5
vulnerability VCID-kphk-eqcu-fuhd
6
vulnerability VCID-mj1d-3up9-2bbs
7
vulnerability VCID-rks7-49ud-u7g2
8
vulnerability VCID-vzg1-msbd-g3hm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1rc1
Affected_packages
0
url pkg:pypi/wagtail@6.0
purl pkg:pypi/wagtail@6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22sk-jw8g-byek
1
vulnerability VCID-39ey-uzfk-8qh3
2
vulnerability VCID-8vb4-y953-b7dp
3
vulnerability VCID-dw47-n3f3-ffa2
4
vulnerability VCID-ehpx-45mk-kya5
5
vulnerability VCID-esy5-hesv-zyf7
6
vulnerability VCID-k7jj-wh5a-kudh
7
vulnerability VCID-kphk-eqcu-fuhd
8
vulnerability VCID-mj1d-3up9-2bbs
9
vulnerability VCID-rks7-49ud-u7g2
10
vulnerability VCID-vzg1-msbd-g3hm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0
1
url pkg:pypi/wagtail@6.0.0
purl pkg:pypi/wagtail@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dw47-n3f3-ffa2
1
vulnerability VCID-ehpx-45mk-kya5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.0
2
url pkg:pypi/wagtail@6.0.1
purl pkg:pypi/wagtail@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22sk-jw8g-byek
1
vulnerability VCID-39ey-uzfk-8qh3
2
vulnerability VCID-8vb4-y953-b7dp
3
vulnerability VCID-dw47-n3f3-ffa2
4
vulnerability VCID-ehpx-45mk-kya5
5
vulnerability VCID-esy5-hesv-zyf7
6
vulnerability VCID-k7jj-wh5a-kudh
7
vulnerability VCID-kphk-eqcu-fuhd
8
vulnerability VCID-mj1d-3up9-2bbs
9
vulnerability VCID-rks7-49ud-u7g2
10
vulnerability VCID-vzg1-msbd-g3hm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.1
3
url pkg:pypi/wagtail@6.0.2
purl pkg:pypi/wagtail@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22sk-jw8g-byek
1
vulnerability VCID-39ey-uzfk-8qh3
2
vulnerability VCID-8vb4-y953-b7dp
3
vulnerability VCID-dw47-n3f3-ffa2
4
vulnerability VCID-ehpx-45mk-kya5
5
vulnerability VCID-esy5-hesv-zyf7
6
vulnerability VCID-k7jj-wh5a-kudh
7
vulnerability VCID-kphk-eqcu-fuhd
8
vulnerability VCID-mj1d-3up9-2bbs
9
vulnerability VCID-rks7-49ud-u7g2
10
vulnerability VCID-vzg1-msbd-g3hm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32882
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24272
published_at 2026-06-07T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24326
published_at 2026-06-06T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24345
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32882
1
reference_url https://docs.wagtail.org/en/stable/extending/generic_views.html#modelviewset
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:08:02Z/
url https://docs.wagtail.org/en/stable/extending/generic_views.html#modelviewset
2
reference_url https://docs.wagtail.org/en/stable/reference/contrib/settings.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:08:02Z/
url https://docs.wagtail.org/en/stable/reference/contrib/settings.html
3
reference_url https://docs.wagtail.org/en/stable/reference/pages/panels.html#wagtail.admin.panels.FieldPanel.permission
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:08:02Z/
url https://docs.wagtail.org/en/stable/reference/pages/panels.html#wagtail.admin.panels.FieldPanel.permission
4
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
5
reference_url https://github.com/wagtail/wagtail/commit/ab2a5d82b4ee3c909d2456704388ccf90e367c9b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:08:02Z/
url https://github.com/wagtail/wagtail/commit/ab2a5d82b4ee3c909d2456704388ccf90e367c9b
6
reference_url https://github.com/wagtail/wagtail/commit/fa0d4829f9c81eefb37cc058e2fa1b6a918741da
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/fa0d4829f9c81eefb37cc058e2fa1b6a918741da
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.0.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v6.0.3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32882
reference_id CVE-2024-32882
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32882
9
reference_url https://github.com/advisories/GHSA-w2v8-php4-p8hc
reference_id GHSA-w2v8-php4-p8hc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2v8-php4-p8hc
10
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-w2v8-php4-p8hc
reference_id GHSA-w2v8-php4-p8hc
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:08:02Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-w2v8-php4-p8hc
Weaknesses
0
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 280
name Improper Handling of Insufficient Permissions or Privileges
description The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
3
cwe_id 281
name Improper Preservation of Permissions
description The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Exploits
Severity_range_score 0.1 - 3
Exploitability 0.5
Weighted_severity 2.7
Risk_score 1.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dw47-n3f3-ffa2