CVE-2018-7536
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-7536 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v3 metrics
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | Low |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 6.4 for RHEL 7 (python-django) | RHSA-2018:2927 | 2018-10-16 |
| Red Hat Satellite 6.4 for RHEL 7 (python-django) | RHSA-2018:2927 | 2018-10-16 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | Django | Will not fix |
| Red Hat Storage Console 2 | python-django | Will not fix |
| Red Hat Satellite 6 | python-django | Affected |
| Red Hat OpenStack Platform Operational Tools 9 | python-django | Will not fix |
| Red Hat OpenStack Platform 9.0 | python-django | Affected |
| Red Hat OpenStack Platform 8.0 (Liberty) | python-django | Affected |
| Red Hat OpenStack Platform 13.0 (Queens) | python-django | Affected |
| Red Hat OpenStack Platform 12.0 | python-django | Affected |
| Red Hat OpenStack Platform 11.0 (Ocata) | python-django | Affected |
| Red Hat OpenStack Platform 10 | python-django | Affected |
| Red Hat Gluster Storage 3 | python-django | Affected |
| Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7 | python-django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 | python-django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | python-django | Affected |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | python-django | Will not fix |
| Red Hat Ceph Storage 3 | python-django | Affected |
| Red Hat Ceph Storage 2 | python-django | Affected |
| Red Hat Ceph Storage 1.3 | python-django | Affected |
Acknowledgements
Red Hat would like to thank the Django project for reporting this issue.External References
CVE description copyright © 2017, The MITRE Corporation
