Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2024-25169 — Mezzanine allows attackers to bypass access control mechanisms · VulnScope

CVE-2024-25169

Mezzanine allows attackers to bypass access control mechanisms

EPSS 1.1%

Description

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

How to fix CVE-2024-25169

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

PyPI/mezzanine—no fix listed

Is CVE-2024-25169 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 6.0.0

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-25169
PATCHgithub.com/stephenmcd/mezzanine
WEBgithub.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0
WEBibb.co/hLLPTVp
WEBibb.co/JKh4hmD

Metadata

Published: 2/28/2024
Modified: 12/6/2024

Also known as:

GHSA-qp56-82vp-xqgvghsa

WEBibb.co/Pt9qd8t

WEBibb.co/rfrKj3r