CVE-2024-21543

MEDIUM Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

Related Vulnerabilities

CVE-2017-12778

HIGH
CVSS:7.1(High)

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value ...

CWE-2872017

CVE-2018-1738

HIGH
CVSS:7.1(High)

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM ...

CWE-2872018

CVE-2018-4064

HIGH
CVSS:7.1(High)

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unveri...

CWE-2872018

CVE-2020-10709

HIGH
CVSS:7.1(High)

A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a ...

CWE-2872020

CVE-2021-20593

HIGH
CVSS:7.1(High)

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3....

CWE-2872021