Lucene search
Veracode Vulnerability DatabaseVERACODE:29648HistoryMar 10, 2021 - 3:54 a.m.
Information Disclosure
2021-03-1003:54:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
41.3%
products_genericsetup is vulnerable to information disclosure. The vulnerability exists because the function _ensureSnapshotsFolder does not tighten the permissions for access control on setup tool log files and snapshot files and folders, allowing anonymous visitors to view log and snapshot files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| products.genericsetup | le | 2.1.0 | |
| products.genericsetup | le | 2.1.0 |
References
www.openwall.com/lists/oss-security/2021/05/21/1
www.openwall.com/lists/oss-security/2021/05/22/1
github.com/advisories/GHSA-jff3-mwp3-f8cw
github.com/zopefoundation/Products.GenericSetup/commit/700319512b3615b3871a1f24e096cf66dc488c57
github.com/zopefoundation/Products.GenericSetup/security/advisories/GHSA-jff3-mwp3-f8cw
pypi.org/project/Products.GenericSetup/
Related
osv
osv
CVE-2021-21360
2021-03-09 01:15:13
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
2021-03-09 00:38:31
PYSEC-2021-43
2021-03-09 01:15:00
cvelist
cvelist
cve
cve
CVE-2021-21360
2021-03-09 01:15:13
github
github
prion
prion
Information disclosure
2021-03-09 01:15:00
nvd
nvd
CVE-2021-21360
2021-03-09 01:15:13
openvas
openvas
Plone CMS <= 5.2.4 Multiple Vulnerabilities
2021-05-27 00:00:00