[Snyk: Low] wagtail Information Exposure (Due: 4/27/2022) #5043

Closed
patphongs opened this issue Jan 27, 2022 · 0 comments · Fixed by #5148
Labels
Security: low Remediate within 90 days

@patphongs
Member

Summary

Introduced through
[email protected]

Fixed in
[email protected]

Overview
wagtail is an open source content management system built on Django.

Affected versions of this package are vulnerable to Information Exposure. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not had editing access to, as long as they have left a comment or reply somewhere on the site.

Detailed paths and remediation
Introduced through: [email protected][email protected]
Fix: Upgrade wagtail to version 2.15.2

@patphongs patphongs changed the title [Snyk: Low] Information Exposure (Due: 4/27/2022) [Snyk: Low] wagtail Information Exposure (Due: 4/27/2022) Jan 27, 2022
@patphongs patphongs added this to the Sprint 17.6 milestone Jan 27, 2022
@patphongs patphongs added the Security: low Remediate within 90 days label Jan 27, 2022