Information Exposure Affecting products.pluggableauthservice package, versions [, 2.6.0)
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
Threat Intelligence
- EPSS: 0.09% (38th percentile)
- Snyk ID SNYK-PYTHON-PRODUCTSPLUGGABLEAUTHSERVICE-1083273
- published 9 Mar 2021
- disclosed 9 Mar 2021
- credit Calum Hutton
Introduced: 9 Mar 2021
CVE-2021-21336
How to fix?
Upgrade Products.PluggableAuthService to version 2.6.0 or higher.
Overview
Products.PluggableAuthService is a pluggable Zope authentication/authorization framework.
Affected versions of this package are vulnerable to Information Exposure. Everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin.