Safety vulnerability ID: 41209
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Wagtail-2fa version 1.3.0 includes a fix for CVE-2019-16766: When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS.
Latest version: 1.6.9
Two factor authentication for Wagtail
==================
- Add OtpRequiredMixin to enforce OTP checks in views
- Resolve possible vulnerabilities:
- [CWE-290](http://cwe.mitre.org/data/definitions/290.html)
- [CWE-20](http://cwe.mitre.org/data/definitions/20.html)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application