Vulnerability details: VCID-pkcr-w2en-dufq
Vulnerability ID VCID-pkcr-w2en-dufq
Aliases CVE-2023-45809
GHSA-fc75-58r8-rm3h
PYSEC-2023-219
Summary Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 2.4
Risk 1.2
Weaknesses (5)
System Score Found at
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2023-45809
cvssv3.1 2.7 https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
generic_textual LOW https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
cvssv3.1 2.7 https://github.com/wagtail/wagtail
generic_textual LOW https://github.com/wagtail/wagtail
cvssv3.1 2.7 https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
generic_textual LOW https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
cvssv3.1 2.7 https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
generic_textual LOW https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
cvssv3.1 2.7 https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
generic_textual LOW https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
cvssv3.1 2.7 https://github.com/wagtail/wagtail/releases/tag/v4.1.9
generic_textual LOW https://github.com/wagtail/wagtail/releases/tag/v4.1.9
cvssv3.1 2.7 https://github.com/wagtail/wagtail/releases/tag/v5.0.5
generic_textual LOW https://github.com/wagtail/wagtail/releases/tag/v5.0.5
cvssv3.1 2.7 https://github.com/wagtail/wagtail/releases/tag/v5.1.3
generic_textual LOW https://github.com/wagtail/wagtail/releases/tag/v5.1.3
cvssv3.1 2.7 https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
generic_textual LOW https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
cvssv3.1 2.7 https://nvd.nist.gov/vuln/detail/CVE-2023-45809
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2023-45809
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/releases/tag/v4.1.9
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/releases/tag/v5.0.5
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/releases/tag/v5.1.3
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45809
Exploit Prediction Scoring System (EPSS)
Percentile 0.46041
EPSS Score 0.00232
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:32:58.661161+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/wagtail/PYSEC-2023-219.yaml 38.6.0