GHSA-cw58-gpgw-hwx2

Source

https://github.com/advisories/GHSA-cw58-gpgw-hwx2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cw58-gpgw-hwx2/GHSA-cw58-gpgw-hwx2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cw58-gpgw-hwx2

Aliases

Published

2022-05-24T17:07:14Z

Modified

2024-10-14T22:01:32.695667Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Plone allows weak passwords

Details

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.

Database specific

{
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-521"
    ],
    "nvd_published_at": "2020-01-23T21:15:00Z",
    "github_reviewed_at": "2023-07-12T23:58:09Z"
}

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3

Fixed

4.3.20

Affected versions

4.*

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0rc1

Fixed

5.1.7

Affected versions

5.*

5.0rc1

5.0rc2

5.0rc3

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.2.2

Affected versions

5.*

5.2.0

5.2.1