wagtail is vulnerable to Improper Access Control
43
Medium Risk
The Documents and Images chooser chosen endpoint does not enforce collection choose permissions. A user with access to the Wagtail admin can view the filename, title, and URLs of documents and images in collections they were not granted access to. This exposes metadata about restricted media to unauthorized admin users. The fix adds instance-level permission checks to the chosen endpoints.
You are affected if you are using a version that falls within the vulnerable range and grant users access to the Wagtail admin.
wagtail is vulnerable to Improper Access Control in versions 0.0.1 - 7.0.7, 7.1.0 - 7.3.2 and 7.4.0 - 7.4.1.
Upgrade the wagtail library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant