CVE-2024-21543

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 13, 2024
CWE ID 287
CWE ID 295

Summary

CVE-2024-21543 is a newly disclosed vulnerability affecting versions of the package djoser prior to 2.3.0. The issue involves the authenticate() function: when it fails to authenticate a user, the system bypasses custom authentication checks. As a result, users with valid credentials can gain access to the system without satisfying two-factor authentication, LDAP validations, or other authentication backend requirements. The vulnerability can potentially lead to unauthorized access and data breaches.
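The failure mode in the summary, as a simplified model added here for illustration; it is not djoser's code. The backend chain, the `login_with_fallback` and `login_strict` functions, and the sample user are all hypothetical, and the fallback is assumed to be a password-only check.

```python
import hashlib
import hmac

def _hash(password: str) -> str:
    # Low iteration count and fixed salt keep the sample fast; not a storage recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000).hex()

# Constructed sample user store (not real data).
USERS = {"alice": {"password_hash": _hash("correct horse"), "otp": "492871"}}

def check_password(username: str, password: str) -> bool:
    user = USERS.get(username)
    return bool(user) and hmac.compare_digest(user["password_hash"], _hash(password))

def two_factor_backend(username, password, otp=None):
    """Hypothetical custom backend: password AND one-time code must both match."""
    if not check_password(username, password):
        return None
    if otp is None or not hmac.compare_digest(USERS[username]["otp"], otp):
        return None
    return username

BACKENDS = [two_factor_backend]

def authenticate(username, password, **extra):
    """Stand-in for a backend chain: the first backend that returns a user wins."""
    for backend in BACKENDS:
        user = backend(username, password, **extra)
        if user is not None:
            return user
    return None

def login_with_fallback(username, password, **extra):
    """Flawed pattern: a rejection by every backend is followed by a direct password check."""
    user = authenticate(username, password, **extra)
    if user is None and check_password(username, password):
        user = username  # re-admits a user the 2FA backend just rejected
    return user

def login_strict(username, password, **extra):
    """Hardened pattern: the backend chain's verdict is final."""
    return authenticate(username, password, **extra)

if __name__ == "__main__":
    print("fallback, no OTP:", login_with_fallback("alice", "correct horse"))
    print("strict,   no OTP:", login_strict("alice", "correct horse"))
    print("strict, with OTP:", login_strict("alice", "correct horse", otp="492871"))
```

A regression test for a deployment with custom backends follows the same shape: a login with a correct password but a missing second factor must be refused.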
