Test ID:	1.3.6.1.4.1.25623.1.0.833479
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (openSUSE-SU-2024:0017-1)
Summary:	The remote host is missing an update for the 'python-django-grappelli' package(s) announced via the openSUSE-SU-2024:0017-1 advisory.
Description:	Summary: The remote host is missing an update for the 'python-django-grappelli' package(s) announced via the openSUSE-SU-2024:0017-1 advisory. Vulnerability Insight: This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481) - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added import statement with URLs for quickstart docs. - Improved: Added additional blocks with inlines to allow override. - Fixed: Compatibility with Django 3.1. - Fixed: Docs about adding Grappelli documentation URLS. Affected Software/OS: 'python-django-grappelli' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-46898 https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2 https://github.com/sehmaschine/django-grappelli/issues/975 https://github.com/sehmaschine/django-grappelli/pull/976
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.