Vulnerability details: VCID-qs2z-b4r2-aaac
Vulnerability ID VCID-qs2z-b4r2-aaac
Aliases CVE-2019-19118
GHSA-hvmf-r92r-27hr
PYSEC-2019-15
PYSEC-2019-85
Summary Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
epss 0.00240 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
epss 0.00266 https://api.first.org/data/v1/epss?cve=CVE-2019-19118
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1781269
cvssv3.1 3.7 https://docs.djangoproject.com/en/dev/releases/security
cvssv3.1 6.5 https://docs.djangoproject.com/en/dev/releases/security
generic_textual HIGH https://docs.djangoproject.com/en/dev/releases/security
generic_textual MODERATE https://docs.djangoproject.com/en/dev/releases/security
generic_textual Medium https://docs.djangoproject.com/en/dev/releases/security/
cvssv3.1 6.5 https://github.com/advisories/GHSA-hvmf-r92r-27hr
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hvmf-r92r-27hr
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hvmf-r92r-27hr
generic_textual HIGH https://github.com/advisories/GHSA-hvmf-r92r-27hr
cvssv3.1 3.7 https://github.com/django/django
cvssv3.1 6.5 https://github.com/django/django
generic_textual HIGH https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.5 https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
generic_textual HIGH https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
generic_textual MODERATE https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
cvssv3.1 6.5 https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
generic_textual HIGH https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
generic_textual MODERATE https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
cvssv3.1 6.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
cvssv3.1 6.5 https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
generic_textual HIGH https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
generic_textual MODERATE https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2019-19118
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19118
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19118
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-19118
archlinux Low https://security.archlinux.org/AVG-1070
cvssv3.1 6.5 https://security.gentoo.org/glsa/202004-17
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 6.5 https://security.netapp.com/advisory/ntap-20191217-0003
generic_textual HIGH https://security.netapp.com/advisory/ntap-20191217-0003
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20191217-0003
cvssv3.1 6.5 https://www.djangoproject.com/weblog/2019/dec/02/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2019/dec/02/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2019/dec/02/security-releases
cvssv3.1 6.5 http://www.openwall.com/lists/oss-security/2019/12/02/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2019/12/02/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2019/12/02/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json
https://api.first.org/data/v1/epss?cve=CVE-2019-19118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118
https://docs.djangoproject.com/en/dev/releases/security
https://docs.djangoproject.com/en/dev/releases/security/
https://github.com/django/django
https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
https://groups.google.com/forum/#%21topic/django-announce/GjGqDvtNmWQ
https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20191217-0003
https://security.netapp.com/advisory/ntap-20191217-0003/
https://www.djangoproject.com/weblog/2019/dec/02/security-releases
https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
http://www.openwall.com/lists/oss-security/2019/12/02/1
1781269 https://bugzilla.redhat.com/show_bug.cgi?id=1781269
946011 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946011
AVG-1070 https://security.archlinux.org/AVG-1070
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVE-2019-19118 https://nvd.nist.gov/vuln/detail/CVE-2019-19118
GHSA-hvmf-r92r-27hr https://github.com/advisories/GHSA-hvmf-r92r-27hr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://docs.djangoproject.com/en/dev/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/advisories/GHSA-hvmf-r92r-27hr
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19118
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19118
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20191217-0003
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://www.djangoproject.com/weblog/2019/dec/02/security-releases
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2019/12/02/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.47801
EPSS Score 0.00124
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.