7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-24583

GHSA ID

GHSA-m6gj-h9gm-gw44

EPSS Score

0.85612%

CWE

CWE-276

Published

3/18/2021

Updated

9/18/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-24583

CVE-2020-24583:
Django Incorrect Default Permissions

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-24583

GHSA ID

GHSA-m6gj-h9gm-gw44

EPSS Score

0.85612%

CWE

CWE-276

Published

3/18/2021

Updated

9/18/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Django	pip	>= 2.2a1, < 2.2.16	2.2.16
Django	pip	>= 3.0a1, < 3.0.10	3.0.10
Django	pip	>= 3.1a1, < 3.1.1	3.1.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in *j*n*o *.* ***or* *.*.**, *.* ***or* *.*.**, *n* *.* ***or* *.*.* (w**n Pyt*on *.*+ is us**). *IL*_UPLO**_*IR**TORY_P*RMISSIONS mo** w*s not *ppli** to int*rm**i*t*-l*v*l *ir**tori*s *r**t** in t** pro**ss o* uplo**in* *il*

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-24583: Django Incorrect Default Permissions

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-24583:
Django Incorrect Default Permissions

Vulnerability Intelligence
Miggo AI