CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d
https://github.com/sunscrapers/djoser/issues/795
https://github.com/sunscrapers/djoser/pull/819
https://github.com/sunscrapers/djoser/releases/tag/2.3.0
https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540
https://lists.debian.org/debian-lts-announce/2025/02/msg00023.html

Configurations

No configuration.

History

20 Feb 2025, 22:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/02/msg00023.html -

13 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-13 05:15

Updated : 2025-02-20 22:15

NVD link : CVE-2024-21543

Mitre link : CVE-2024-21543

CVE.ORG link : CVE-2024-21543

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-21543", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-13T05:15:07.653", "references": [{"url": "https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", "source": "report@snyk.io"}, {"url": "https://github.com/sunscrapers/djoser/issues/795", "source": "report@snyk.io"}, {"url": "https://github.com/sunscrapers/djoser/pull/819", "source": "report@snyk.io"}, {"url": "https://github.com/sunscrapers/djoser/releases/tag/2.3.0", "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540", "source": "report@snyk.io"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00023.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS."}, {"lang": "es", "value": "Las versiones del paquete djoser anteriores a la 2.3.0 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n cuando falla la funci\u00f3n authenticate(). Esto se debe a que el sistema recurre a consultar directamente la base de datos, otorgando acceso a los usuarios con credenciales v\u00e1lidas y, finalmente, omitiendo las comprobaciones de autenticaci\u00f3n personalizadas, como la autenticaci\u00f3n de dos factores, las validaciones LDAP o los requisitos de AUTHENTICATION_BACKENDS configurados."}], "lastModified": "2025-02-20T22:15:30.670", "sourceIdentifier": "report@snyk.io"}