Vulnerabilities > CVE-2021-21336

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zope

plone

NVD

Published: 2021-03-08

Updated: 2024-11-21

Summary

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`.

Vulnerable Configurations

Part	Description	Count
Application	Zope Zope Products.Pluggableauthservice - Zope Products.Pluggableauthservice 1.5.1 Zope Products.Pluggableauthservice 1.5.2 Zope Products.Pluggableauthservice 1.5.2.1 Zope Products.Pluggableauthservice 1.5.3 Zope Products.Pluggableauthservice 1.5.4 Zope Products.Pluggableauthservice 1.5.5 Zope Products.Pluggableauthservice 1.6 Zope Products.Pluggableauthservice 1.6.1 Zope Products.Pluggableauthservice 1.6.2 Zope Products.Pluggableauthservice 1.6.3 Zope Products.Pluggableauthservice 1.6.4 Zope Products.Pluggableauthservice 1.6.5 Zope Products.Pluggableauthservice 1.7.0 Zope Products.Pluggableauthservice 1.7.1 Zope Products.Pluggableauthservice 1.7.2 Zope Products.Pluggableauthservice 1.7.3 Zope Products.Pluggableauthservice 1.7.4 Zope Products.Pluggableauthservice 1.7.5 Zope Products.Pluggableauthservice 1.7.6 Zope Products.Pluggableauthservice 1.7.7 Zope Products.Pluggableauthservice 1.7.8 Zope Products.Pluggableauthservice 1.8.0 Zope Products.Pluggableauthservice 1.9.0 Zope Products.Pluggableauthservice 1.10.0 Zope Products.Pluggableauthservice 1.11.0 Zope Products.Pluggableauthservice 1.11.1 Zope Products.Pluggableauthservice 1.11.2 Zope Products.Pluggableauthservice 1.11.3 Zope Products.Pluggableauthservice 2.0 Zope Products.Pluggableauthservice 2.1 Zope Products.Pluggableauthservice 2.1.1 Zope Products.Pluggableauthservice 2.2 Zope Products.Pluggableauthservice 2.2.1 Zope Products.Pluggableauthservice 2.3 Zope Products.Pluggableauthservice 2.4 Zope Products.Pluggableauthservice 2.5 Zope Products.Pluggableauthservice 2.5.1	46
Application	Plone Plone Plone 5.0 Plone Plone 5.0.1 Plone Plone 5.0.2 Plone Plone 5.0.3 Plone Plone 5.0.4 Plone Plone 5.0.5 Plone Plone 5.0.6 Plone Plone 5.0.7 Plone Plone 5.0.8 Plone Plone 5.0.9 Plone Plone 5.0.10 Plone Plone 5.1 Plone Plone 5.1.1 Plone Plone 5.1.2 Plone Plone 5.1.3 Plone Plone 5.1.4 Plone Plone 5.1.5 Plone Plone 5.1.6 Plone Plone 5.1.7 Plone Plone 5.1A1 Plone Plone 5.1A2 Plone Plone 5.1B2 Plone Plone 5.1B3 Plone Plone 5.1B4 Plone Plone 5.1Rc1 Plone Plone 5.1Rc2 Plone Plone 5.2 Plone Plone 5.2.0 Plone Plone 5.2.1 Plone Plone 5.2.2 Plone Plone 5.2.3 Plone Plone 5.2.4 Plone Plone 4.3.0 Plone Plone 4.3.1 Plone Plone 4.3.2 Plone Plone 4.3.3 Plone Plone 4.3.4 Plone Plone 4.3.5 Plone Plone 4.3.6 Plone Plone 4.3.7 Plone Plone 4.3.8 Plone Plone 4.3.9 Plone Plone 4.3.10 Plone Plone 4.3.11 Plone Plone 4.3.12 Plone Plone 4.3.13 Plone Plone 4.3.14 Plone Plone 4.3.15 Plone Plone 4.3.16 Plone Plone 4.3.17 Plone Plone 4.3.18 Plone Plone 4.3.19 Plone Plone 4.3.20	76

Vulnerabilities > CVE-2021-21336 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-21336"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-21336