PyPi: Tendenci

CVE-2020-24583

Transitive

Safety vulnerability ID: 38767

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 01, 2020 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Tendenci 12.2 updates Django version to 2.2.16, which fixes two security issues and two data loss bugs in version 2.2.15.

Affected package

tendenci

Latest version: 15.3

Tendenci - The Open Source Association Management System (AMS)

Affected versions

Fixed versions

Vulnerability changelog

**New Features and Improvements**

* An oauth2 client for tendenci that you can use to set up single sign-on (SSO)
* Added an option to add a directory for memberships on join approval
* Directory owner or creator can publish their directories if they are created with their memberships or corporate memberships
* If directory for memberships or corporate memberships is enabled, admin can add a directory and associate it with an existing membership or corp membership.
* Included `directory_url` and `directory_edit_url` tags for membership and corporate membership notices so that they can be added in the approval notifications to link members to their directory view and edit pages
* Added the support for LibreOffice/OpenOffice Document upload (Thanks evanspaeder)

**Fixes**

* Updated django version to 2.2.16 (Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15)
* Fixed max_length for creator_username and owner_username fields that does not match with username's (Thanks evanspaeder)
* Fixed a DataError in event registration
* Fixed the issue about selected groups being de-selected on event pricing edit

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
NONE
Availability Availability (A)
NONE

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
NONE
Availability Impact (A)
NONE