Red Hat Security Advisory: Red Hat OpenStack Platform 18.0.3 (python-django) security update
This advisory addresses multiple security vulnerabilities in the python-django package used by Red Hat OpenStack Platform 18.0.3. The issues include potential denial-of-service vulnerabilities in django.utils.html.urlize() and django.utils.translation.get_supported_language_variant(), username enumeration via timing differences for users with unusable passwords, and a potential directory traversal vulnerability in django.
AI Analysis
Technical Summary
Red Hat OpenStack Platform 18.0.3 includes a security update for the python-django package that fixes four vulnerabilities: CVE-2024-38875 and CVE-2024-39614 are potential denial-of-service issues in specific Django utility functions; CVE-2024-39329 allows username enumeration through timing differences for accounts with unusable passwords; CVE-2024-39330 is a potential directory traversal vulnerability in the file storage save method. These issues affect the Django framework version 3.2.12-8.el9ost.src used in this platform. The update is rated moderate in severity and addresses these vulnerabilities to improve security posture.
Potential Impact
The vulnerabilities could allow an attacker to cause denial-of-service conditions via specific Django functions, enumerate usernames by measuring timing differences for accounts with unusable passwords, and potentially perform directory traversal attacks when saving files. These impacts could lead to service disruption and information disclosure about valid usernames. No known exploits in the wild have been reported. The overall security impact is considered moderate.
Mitigation Recommendations
A security update for python-django is available for Red Hat OpenStack Platform 18.0.3 that addresses these vulnerabilities. Users should apply this update following Red Hat's official guidance for new deployments or updating existing environments. Prior to applying this update, ensure all previously released errata relevant to the system have been applied. No additional mitigation actions are indicated by the vendor advisory.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2024:9481
- Cve Count: 4
- Additional Cves: ["CVE-2024-39329","CVE-2024-39330","CVE-2024-39614"]
- Cvss Version: null
Threat ID: 6a1f4e9ce29bf47b5008695c
Added to database: 6/2/2026, 9:43:56 PM
Last enriched: 6/2/2026, 10:23:43 PM
Last updated: 6/3/2026, 4:59:46 AM