CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21337

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.037

EPSS Ranking 87.4%

CVSS Severity

CVSS v3 Score 5.7

CVSS v2 Score 5.8

References

Products affected by CVE-2021-21337

Zope » Products.pluggableauthservice » Version: N/A

cpe:2.3:a:zope:products.pluggableauthservice:-
Zope » Products.pluggableauthservice » Version: 1.10.0

cpe:2.3:a:zope:products.pluggableauthservice:1.10.0
Zope » Products.pluggableauthservice » Version: 1.11.0

cpe:2.3:a:zope:products.pluggableauthservice:1.11.0
Zope » Products.pluggableauthservice » Version: 1.11.1

cpe:2.3:a:zope:products.pluggableauthservice:1.11.1
Zope » Products.pluggableauthservice » Version: 1.11.2

cpe:2.3:a:zope:products.pluggableauthservice:1.11.2
Zope » Products.pluggableauthservice » Version: 1.11.3

cpe:2.3:a:zope:products.pluggableauthservice:1.11.3
Zope » Products.pluggableauthservice » Version: 1.5.1

cpe:2.3:a:zope:products.pluggableauthservice:1.5.1
Zope » Products.pluggableauthservice » Version: 1.5.2

cpe:2.3:a:zope:products.pluggableauthservice:1.5.2
Zope » Products.pluggableauthservice » Version: 1.5.2.1

cpe:2.3:a:zope:products.pluggableauthservice:1.5.2.1
Zope » Products.pluggableauthservice » Version: 1.5.3

cpe:2.3:a:zope:products.pluggableauthservice:1.5.3
Zope » Products.pluggableauthservice » Version: 1.5.4

cpe:2.3:a:zope:products.pluggableauthservice:1.5.4
Zope » Products.pluggableauthservice » Version: 1.5.5

cpe:2.3:a:zope:products.pluggableauthservice:1.5.5
Zope » Products.pluggableauthservice » Version: 1.6

cpe:2.3:a:zope:products.pluggableauthservice:1.6
Zope » Products.pluggableauthservice » Version: 1.6.1

cpe:2.3:a:zope:products.pluggableauthservice:1.6.1
Zope » Products.pluggableauthservice » Version: 1.6.2

cpe:2.3:a:zope:products.pluggableauthservice:1.6.2
Zope » Products.pluggableauthservice » Version: 1.6.3

cpe:2.3:a:zope:products.pluggableauthservice:1.6.3
Zope » Products.pluggableauthservice » Version: 1.6.4

cpe:2.3:a:zope:products.pluggableauthservice:1.6.4
Zope » Products.pluggableauthservice » Version: 1.6.5

cpe:2.3:a:zope:products.pluggableauthservice:1.6.5
Zope » Products.pluggableauthservice » Version: 1.7.0

cpe:2.3:a:zope:products.pluggableauthservice:1.7.0
Zope » Products.pluggableauthservice » Version: 1.7.1

cpe:2.3:a:zope:products.pluggableauthservice:1.7.1
Zope » Products.pluggableauthservice » Version: 1.7.2

cpe:2.3:a:zope:products.pluggableauthservice:1.7.2
Zope » Products.pluggableauthservice » Version: 1.7.3

cpe:2.3:a:zope:products.pluggableauthservice:1.7.3
Zope » Products.pluggableauthservice » Version: 1.7.4

cpe:2.3:a:zope:products.pluggableauthservice:1.7.4
Zope » Products.pluggableauthservice » Version: 1.7.5

cpe:2.3:a:zope:products.pluggableauthservice:1.7.5
Zope » Products.pluggableauthservice » Version: 1.7.6

cpe:2.3:a:zope:products.pluggableauthservice:1.7.6
Zope » Products.pluggableauthservice » Version: 1.7.7

cpe:2.3:a:zope:products.pluggableauthservice:1.7.7
Zope » Products.pluggableauthservice » Version: 1.7.8

cpe:2.3:a:zope:products.pluggableauthservice:1.7.8
Zope » Products.pluggableauthservice » Version: 1.8.0

cpe:2.3:a:zope:products.pluggableauthservice:1.8.0
Zope » Products.pluggableauthservice » Version: 1.9.0

cpe:2.3:a:zope:products.pluggableauthservice:1.9.0
Zope » Products.pluggableauthservice » Version: 2.0

cpe:2.3:a:zope:products.pluggableauthservice:2.0
Zope » Products.pluggableauthservice » Version: 2.1

cpe:2.3:a:zope:products.pluggableauthservice:2.1
Zope » Products.pluggableauthservice » Version: 2.1.1

cpe:2.3:a:zope:products.pluggableauthservice:2.1.1
Zope » Products.pluggableauthservice » Version: 2.2

cpe:2.3:a:zope:products.pluggableauthservice:2.2
Zope » Products.pluggableauthservice » Version: 2.2.1

cpe:2.3:a:zope:products.pluggableauthservice:2.2.1
Zope » Products.pluggableauthservice » Version: 2.3

cpe:2.3:a:zope:products.pluggableauthservice:2.3
Zope » Products.pluggableauthservice » Version: 2.4

cpe:2.3:a:zope:products.pluggableauthservice:2.4
Zope » Products.pluggableauthservice » Version: 2.5

cpe:2.3:a:zope:products.pluggableauthservice:2.5
Zope » Products.pluggableauthservice » Version: 2.5.1

cpe:2.3:a:zope:products.pluggableauthservice:2.5.1
Zope » Products.pluggableauthservice » Version: 2.6.0

cpe:2.3:a:zope:products.pluggableauthservice:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21337

Products

Pricing

Contact Us