CVE-2017-7233
Find out more about CVE-2017-7233 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue affects the versions of python-django as shipped with Red Hat Satellite 6. Please note that python-django, as used by Pulp, does not use "is_safe_url" directly, the "i18n" views, or the "django.contrib.auth" Login view. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v3 metrics
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenStack Platform 9.0 (python-django) | RHSA-2017:1462 | 2017-06-14 |
| Red Hat Satellite 6.4 for RHEL 7 (python-django) | RHSA-2018:2927 | 2018-10-16 |
| Red Hat OpenStack Platform 11.0 (Ocata) (python-django) | RHSA-2017:3093 | 2017-10-31 |
| Red Hat OpenStack Platform 8.0 (Liberty) (python-django) | RHSA-2017:1470 | 2017-06-14 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (python-django) | RHSA-2017:1445 | 2017-06-14 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (python-django) | RHSA-2017:1451 | 2017-06-14 |
| Red Hat OpenStack Platform 10 (python-django) | RHSA-2017:1596 | 2017-06-28 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | Django | Will not fix |
| Red Hat Storage Console 2 | Django | Will not fix |
| Red Hat Storage Console 2 | python-django | Will not fix |
| Red Hat Satellite 6 | python-django | Will not fix |
| Red Hat OpenStack Platform Operational Tools 9 | python-django | Will not fix |
| Red Hat OpenStack Platform 12.0 | python-django | Not affected |
| Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7 | python-django | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7 | python-django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 | python-django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | python-django | Will not fix |
| Red Hat Ceph Storage 2 | Django | Will not fix |
| Red Hat Ceph Storage 1.3 | Django | Will not fix |
