THREATINT
PUBLISHED

CVE-2024-45231



Assigner: mitre
Reserved: 2024-08-24
Published: 2024-10-08
Updated: 2024-10-30

Description

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

References

https://docs.djangoproject.com/en/dev/releases/security/

https://groups.google.com/forum/#%21forum/django-announce

https://www.djangoproject.com/weblog/2024/sep/03/security-releases/

cve.org CVE-2024-45231

nvd.nist.gov CVE-2024-45231
