Lucene search
Veracode Vulnerability DatabaseVERACODE:29595HistoryMar 09, 2021 - 12:52 a.m.
Information Disclosure
2021-03-0900:52:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
products.pluggableauthservice
information disclosure
access control
zodbrolemanager.py
vulnerability
EPSS
0.001
Percentile
38.0%
Products.PluggableAuthService is vulnerable to information disclosure. The vulnerability exists due to the lack of access control on enumerateRoles in ZODBRoleManager.py
References
www.openwall.com/lists/oss-security/2021/05/21/1
www.openwall.com/lists/oss-security/2021/05/22/1
github.com/advisories/GHSA-p75f-g7gx-2r7p
github.com/zopefoundation/Products.PluggableAuthService/commit/2dad81128250cb2e5d950cddc9d3c0314a80b4bb
github.com/zopefoundation/Products.PluggableAuthService/pull/87
github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p
pypi.org/project/Products.PluggableAuthService/
Related
osv
osv
CVE-2021-21336
2021-03-08 21:15:16
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
2021-03-08 20:38:35
PYSEC-2021-44
2021-03-08 21:15:00
github
github
nvd
nvd
CVE-2021-21336
2021-03-08 21:15:16
prion
prion
Information disclosure
2021-03-08 21:15:00
cvelist
cvelist
cve
cve
CVE-2021-21336
2021-03-08 21:15:16
openvas
openvas
Plone CMS <= 5.2.4 Multiple Vulnerabilities
2021-05-27 00:00:00