Wiz
Vulnerability DatabaseCVE-2020-5240

CVE-2020-5240
Python vulnerability analysis and mitigation

Overview

CVE-2020-5240 is a high-severity security vulnerability affecting the wagtail-2fa Python package versions prior to 1.4.0. The vulnerability was discovered and disclosed on March 10, 2020, affecting the two-factor authentication (2FA) implementation in Wagtail CMS (GitHub Advisory).

Technical details

The vulnerability allows unauthorized users to bypass permission checks in the device management functionality. Any user with access to the CMS could view and delete other users' 2FA devices by accessing specific paths, without requiring special permissions. This security flaw existed due to missing permission validation in the device list and delete views (GitHub Commit).

Impact

The vulnerability enables attackers to disable target users' 2FA devices without proper authorization. If an attacker also obtains a user's password, they could potentially compromise the account by first removing the 2FA protection. This represents a significant security risk for organizations using the affected versions of wagtail-2fa (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in version 1.4.1 of wagtail-2fa. The fix implements proper permission checks, ensuring that users can only manage their own 2FA devices unless they have the specific 'change_user' permission. There are no workarounds available for affected versions; upgrading to version 1.4.1 or later is required (GitHub Advisory).

Additional resources

SourceThis report was generated using AI

Related Python vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22871HIGH8.7
  • PythonPython
  • guarddog
NoYesJan 13, 2026
GHSA-58pv-8j8x-9vj2HIGH8.6
  • PythonPython
  • jaraco.context
NoYesJan 13, 2026
CVE-2026-22779MEDIUM6.3
  • PythonPython
  • blacksheep
NoYesJan 14, 2026
CVE-2026-21889LOW2.3
  • PythonPython
  • weblate
NoYesJan 14, 2026
CVE-2025-68492LOW2.3
  • PythonPython
  • chainlit
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo