vulnerability
FreeBSD: VID-d5fead4f-8efa-11ea-a5c8-08002728f74c (CVE-2020-11037): Wagtail -- potential timing attack vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:P/I:N/A:N) | May 5, 2020 | May 7, 2020 | Dec 10, 2025 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
May 5, 2020
Added
May 7, 2020
Modified
Dec 10, 2025
Description
Wagtail release notes: CVE-2020-11037: Potential timing attack on password-protected private pages This release addresses a potential timing attack on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. (This is understood to be feasible on a local network, but not on the public internet.)
Solutions
freebsd-upgrade-package-py35-wagtailfreebsd-upgrade-package-py36-wagtailfreebsd-upgrade-package-py37-wagtailfreebsd-upgrade-package-py38-wagtail
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.