zopefoundation/Products.PluggableAuthService vulnerabilities
2 known vulnerabilities affecting zopefoundation/Products.PluggableAuthService.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2021-21337 [MEDIUM] CWE-601 | P3 | CVSS 6.1 | PoC | fixed in 2.6.1 | 2021-03-08
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.
References: GHSA, NVD
CVE-2021-21336 [MEDIUM] CWE-200 | P3 | CVSS 6.5 | fixed in 2.6.0 | 2021-03-08
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability: everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0.
References: GHSA, NVD