Missing Authentication for Critical Function
CVE-2024-22513
Summary
The djangorestframework-simplejwt is vulnerable to Information Disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the "for_user" method. This issue affects versions prior to 5.5.1.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-306 - Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References
Advisory Timeline
- Published
