CVE-2024-32879 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-32879 at MITRE

Description

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1223373 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`python310-social-auth-app-django >= 5.4.1-1.1` `python311-social-auth-app-django >= 5.4.1-1.1` `python312-social-auth-app-django >= 5.4.1-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14036

SUSE Timeline for this CVE

CVE page created: Thu Apr 25 00:00:04 2024
CVE page last modified: Sun Jun 16 03:09:47 2024