Upstream information

CVE-2024-32879 at MITRE

Description

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1223373 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • python310-social-auth-app-django >= 5.4.1-1.1
  • python311-social-auth-app-django >= 5.4.1-1.1
  • python312-social-auth-app-django >= 5.4.1-1.1
Patchnames:
openSUSE-Tumbleweed-2024-14036


SUSE Timeline for this CVE

CVE page created: Thu Apr 25 00:00:04 2024
CVE page last modified: Tue Sep 3 19:34:33 2024