A vulnerability in Django could allow an authenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker with administrator privileges and view-only permissions could exploit this vulnerability. A successful exploit could allow an attacker to view a targeted user’s hashed password on a targeted system.
The Django Software Foundation confirmed the vulnerability and released software updates.
Security Impact Rating: Medium