CVE-2019-16766: 2FA bypass in Wagtail through new device path
When using wagtail-2fa, an attacker who has obtained a user's Wagtail login credentials can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched
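The class of flaw described above, as an added sketch that is not wagtail-2fa's code: a simplified model of a 2FA gate that exempts the device-enrolment path for every unverified session, beside a hardened form that exempts it only for users with no device enrolled. The URL paths, the `User` class and the function names are hypothetical, and the shape of the flawed check is an assumption based on the description.

```python
from dataclasses import dataclass, field

# Hypothetical URL paths for this sketch; not taken from wagtail-2fa.
AUTH_PATH = "/cms/2fa/auth/"
NEW_DEVICE_PATH = "/cms/2fa/devices/new/"


@dataclass
class User:
    """Minimal stand-in for a logged-in CMS user (constructed for the example)."""
    devices: list = field(default_factory=list)  # enrolled 2FA devices
    verified: bool = False  # True once this session passed the 2FA prompt


def allowed_before_fix(user: User, path: str) -> bool:
    """Flawed model: the enrolment path is exempt for every unverified session."""
    if user.verified:
        return True
    return path in (AUTH_PATH, NEW_DEVICE_PATH)


def allowed_hardened(user: User, path: str) -> bool:
    """Hardened model: enrolment is exempt only for users with no device yet."""
    if user.verified:
        return True
    if path == AUTH_PATH:
        return True
    # First-time enrolment has to work without a token; a user who already
    # has a device must verify with it before adding another.
    return path == NEW_DEVICE_PATH and not user.devices


def decide(check, user: User, path: str) -> str:
    """Return the action a middleware would take for this request."""
    return "allow" if check(user, path) else f"redirect:{AUTH_PATH}"


if __name__ == "__main__":
    enrolled = User(devices=["totp-1"])  # password accepted, 2FA not yet passed
    fresh = User()                       # new account, nothing enrolled
    for name, check in (("before fix", allowed_before_fix),
                        ("hardened", allowed_hardened)):
        print(name, "| enrolled ->", decide(check, enrolled, NEW_DEVICE_PATH))
        print(name, "| fresh    ->", decide(check, fresh, NEW_DEVICE_PATH))
```

The hardened branch doubles as a regression test target: an enrolled but unverified session requesting the enrolment path must be redirected to the token prompt.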