Description

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

INFO

Published Date :

2024-12-13T05:00:16.747Z

Last Modified :

2025-02-20T22:02:38.155Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21543 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21543.

URL Resource
https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d cve-icon cve-icon
https://github.com/sunscrapers/djoser/issues/795 cve-icon cve-icon
https://github.com/sunscrapers/djoser/pull/819 cve-icon cve-icon
https://github.com/sunscrapers/djoser/releases/tag/2.3.0 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/02/msg00023.html cve-icon
https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact