{"id":"CVE-2018-6188","details":"django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.","aliases":["GHSA-rf4j-j272-fj86","PYSEC-2018-4"],"modified":"2026-04-09T06:21:16.193677Z","published":"2018-02-05T03:29:00.267Z","related":["openSUSE-SU-2018:0632-1","openSUSE-SU-2023:0077-1","openSUSE-SU-2024:11205-1","openSUSE-SU-2024:13887-1","openSUSE-SU-2024:14208-1","openSUSE-SU-2026:10005-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040422"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3559-1/"},{"type":"FIX","url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/django/django","events":[{"introduced":"0"},{"last_affected":"dfe7b85ed7e0c46cb59f545a4eefa9c3fd629f7d"},{"introduced":"0"},{"last_affected":"c3eafed987ee7356e270eb2826e096692528f816"},{"introduced":"0"},{"last_affected":"8c85c8692240e5ae4b568eb4272475fe1fa4b059"},{"introduced":"0"},{"last_affected":"7cc155a04ce9579de3cdca59db9a4de11dc5eab9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.11.8"},{"introduced":"0"},{"last_affected":"1.11.9"},{"introduced":"0"},{"last_affected":"2.0"},{"introduced":"0"},{"last_affected":"2.0.1"}]}}],"versions":["1.0","1.1","1.11","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.11a1","1.11b1","1.11rc1","1.2","1.2.1","1.3","1.4","1.7a2","2.0","2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0a1","2.0b1","2.0rc1","stable/2.0.x"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"17.10"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6188.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}