CVE-2020-24583 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-24583 Interim 1 14 2026-03-05T05:43:38Z current 2021-09-30T01:31:51Z 2026-03-05T05:43:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 Image SLE-Micro Image SLE-Micro-BYOS Image SLE-Micro-BYOS-EC2 Image SLE-Micro-EC2 SUSE Enterprise Storage 5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed python-Django python-Django1 python310-Django-4.2.11-2.1 python310-Django4-4.2.14-1.1 python311-Django-4.2.11-2.1 python311-Django4-4.2.14-1.1 python312-Django-4.2.11-2.1 python312-Django4-4.2.14-1.1 python312-Django6-6.0-1.1 python313-Django6-6.0-1.1 python36-Django-3.2.7-2.3 python38-Django-3.2.7-2.3 python39-Django-3.2.7-2.3 regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 as a component of Image SLE-Micro regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS-EC2 regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 as a component of Image SLE-Micro-EC2 python310-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python310-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python311-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python311-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python312-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python313-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python36-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python38-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python39-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python-Django as a component of HPE Helion OpenStack 8 python-Django as a component of HPE Helion OpenStack Cloud 8 python-Django as a component of SUSE Enterprise Storage 5 python-Django as a component of SUSE OpenStack Cloud 7 python-Django as a component of SUSE OpenStack Cloud 8 python-Django1 as a component of SUSE OpenStack Cloud 9 python-Django as a component of SUSE OpenStack Cloud Crowbar 8 python-Django1 as a component of SUSE OpenStack Cloud Crowbar 9 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. CVE-2020-24583 Image SLE-Micro:regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 Image SLE-Micro-BYOS:regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 Image SLE-Micro-BYOS-EC2:regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 Image SLE-Micro-EC2:regionServiceClientConfigEC2-5.0.0-slfo.1.1_1.1 openSUSE Tumbleweed:python310-Django-4.2.11-2.1 openSUSE Tumbleweed:python310-Django4-4.2.14-1.1 openSUSE Tumbleweed:python311-Django-4.2.11-2.1 openSUSE Tumbleweed:python311-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django-4.2.11-2.1 openSUSE Tumbleweed:python312-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django6-6.0-1.1 openSUSE Tumbleweed:python313-Django6-6.0-1.1 openSUSE Tumbleweed:python36-Django-3.2.7-2.3 openSUSE Tumbleweed:python38-Django-3.2.7-2.3 openSUSE Tumbleweed:python39-Django-3.2.7-2.3 HPE Helion OpenStack 8:python-Django HPE Helion OpenStack Cloud 8:python-Django SUSE Enterprise Storage 5:python-Django SUSE OpenStack Cloud 7:python-Django SUSE OpenStack Cloud 8:python-Django SUSE OpenStack Cloud 9:python-Django1 SUSE OpenStack Cloud Crowbar 8:python-Django SUSE OpenStack Cloud Crowbar 9:python-Django1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N