Access Restriction Bypass in products.pluggableauthservice

Do your applications use this vulnerable package? Test your applications

Overview

Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework

Affected versions of this package are vulnerable to Access Restriction Bypass. Multiple login string transformation methods are set to public which could lead to Access Control issues. The vulnerability is likely not exploitable.

Remediation

Upgrade Products.PluggableAuthService to version 2.6.2 or higher.

References

GitHub Commit

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

None
Availability

None

Credit: Unknown
CWE: CWE-284
Snyk ID: SNYK-PYTHON-PRODUCTSPLUGGABLEAUTHSERVICE-1090197
Disclosed: 01 Apr, 2021
Published: 01 Apr, 2021

Access Restriction Bypass
Affecting products.pluggableauthservice package, versions [,2.6.2)

Overview

Remediation

References

CVSS Score

Access Restriction Bypass Affecting products.pluggableauthservice package, versions [,2.6.2)

Overview

Remediation

References

Access Restriction Bypass
Affecting products.pluggableauthservice package, versions [,2.6.2)