wagtail-2fa@1.3.2 vulnerabilities

Two factor authentication for Wagtail

Direct Vulnerabilities

Known vulnerabilities in the wagtail-2fa package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Access Restriction Bypass (severity: H)

wagtail-2fa is a Django app adding two factor authentication to Wagtail.

Affected versions of this package are vulnerable to Access Restriction Bypass. Any user with access to the CMS could view and delete other users' 2FA devices by going to the correct path. By deleting another user's device, they can disable the target user's 2FA and potentially compromise the account if they figure out the password.

How to fix Access Restriction Bypass?

Upgrade wagtail-2fa to version 1.4.1 or higher.

Vulnerable versions: [,1.4.1)