CVE-2020-7940 – plone
Package
Manager: pip
Name: plone
Vulnerable Version: >=4.3 <4.3.20 || >=5.0rc1 <5.1.7 || >=5.2.0 <5.2.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0034 (percentile: 0.56058)
Details
Plone allows weak passwords. Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
Metadata
Created: 2022-05-24T17:07:14Z
Modified: 2024-10-14T21:49:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cw58-gpgw-hwx2/GHSA-cw58-gpgw-hwx2.json
CWE IDs: ["CWE-521"]
Alternative ID: GHSA-cw58-gpgw-hwx2
Finding: F035
Auto approve: 1