Security Advisory

CVE-2024-45231

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-08 00:00:00

Last updated 2025-03-17 17:30:18

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

← Browse all CVEs View on cve.org ↗