Mezzanine allows attackers to bypass access control mechanisms · CVE-2024-25169 · GitHub Advisory Database · GitHub

Mezzanine allows attackers to bypass access control mechanisms

Moderate severity GitHub Reviewed Published Feb 28, 2024 to the GitHub Advisory Database • Updated Feb 28, 2024

Package

Mezzanine (pip)

Affected versions

<= 6.0.0

Patched versions

None

Description

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

References

Published by the National Vulnerability Database

Feb 28, 2024

Published to the GitHub Advisory Database Feb 28, 2024

Reviewed Feb 28, 2024

Last updated Feb 28, 2024