Products.PluggableAuthService is vulnerable to information disclosure. The vulnerability exists because the enumerateRoles method in ZODBRoleManager.py lacks access control.
www.openwall.com/lists/oss-security/2021/05/21/1
www.openwall.com/lists/oss-security/2021/05/22/1
github.com/advisories/GHSA-p75f-g7gx-2r7p
github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb
github.com/zopefoundation/Products.PluggableAuthService/pull/87
github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p
pypi.org/project/Products.PluggableAuthService/