Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-21337
HistoryMar 08, 2021 - 9:15 p.m.

CVE-2021-21337

2021-03-0821:15:00
CWE-601
[email protected]
web.nvd.nist.gov
92
2
products.pluggableauthservice
zope
authentication
authorization
open redirect
vulnerability
cve-2021-21337

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.4%

JSON

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.1 and re-run the buildout, or if you used pip simply do `pip install “Products.PluggableAuthService>=2.6.1”.

VendorProductVersionCPE
zopeproducts.pluggableauthservice*cpe:2.3:a:zope:products.pluggableauthservice:*:*:*:*:*:*:*:*

Social References

More

Related

osv 3
github 1
prion 1
zdt 1
packetstorm 1
veracode 1
exploitdb 1
osv
osv
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
2021-03-08 21:06:23
CVE-2021-21337
2021-03-08 21:15:16
PYSEC-2021-45
2021-03-08 21:15:00
github
github
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
2021-03-08 21:06:23
prion
prion
Open redirect
2021-03-08 21:15:00
zdt
zdt
Products.PluggableAuthService 2.6.0 - Open Redirect Vulnerability
2021-06-02 00:00:00
packetstorm
packetstorm
Products.PluggableAuthService 2.6.0 Open Redirect
2021-06-02 00:00:00
veracode
veracode
Open Redirection
2021-03-10 06:51:14
exploitdb
exploitdb
Products.PluggableAuthService 2.6.0 - Open Redirect
2021-06-02 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.4%

JSON
Related for CVE-2021-21337
osv3github1prion1zdt1packetstorm1veracode1exploitdb1